NAC Host-Based Policies Issue

Unanswered Question
Apr 30th, 2008


I have a problem... when I try to permit a web page in a temporary role (for example the user can't open it and a security message is displayed, but when I add the web IP the users can access it.... The NAC is working on real-IP layer 3...

Thanks for your help

cleidh_mor Thu, 05/01/2008 - 05:47


Have you allowed DNS traffic to a trusted DNS host?


asaldanab Thu, 05/01/2008 - 14:40

Yes... I did it... :(

But it's a default trusted DNS policy... permit to all DNS servers UDP port 53... Is it correct? Or do I type the IP address of my DNS manually?

cleidh_mor Fri, 05/02/2008 - 01:03

No, that's fine, as long as that rule applies to the role of the PC.

Try an nslookup on the PC. What's the output?


asaldanab Wed, 05/07/2008 - 07:40


At the moment I'm not at the company... I will try next Friday.

Thanks a lot!

ramkumar-b Wed, 05/07/2008 - 00:15

Are you using a proxy server in your network?

Try enabling the Parse Proxy checkbox under CCA Servers --> Filter --> Roles --> Allowed hosts.

Try putting the proxy server IP address and port number under CCA Servers --> Advanced --> Proxy

asaldanab Wed, 05/07/2008 - 07:42


No... I don't have access to the internet through a proxy server... I have a firewall.

The NAC server is working as a layer 3 real-IP gateway... When I put the IP address of the page for example the users can access it... but when I permit the access by host with all the options like ends, contain, etc. they can't access it...

asaldanab Wed, 05/14/2008 - 09:37


The result of the DNS lookup on the host is the following:

*** Can't find server name for address Non-existent domain

*** Default servers are not available

Server: UnKnown


Non-authoritative answer:




The result of the nslookup on the CAS is the following:

[[email protected]-MTY ~]# nslookup



Non-authoritative answer:



Help me

asaldanab Fri, 05/16/2008 - 14:56

Additionally, I'd like to say that my configuration is Out-of-Band Real-IP Gateway. Does anybody know if there's a restriction on managing host-based policies?


gojericho0 Sun, 05/18/2008 - 05:10

That's how mine was set up as well and it should not make a difference. What happens if you try to allow 'all traffic' in your policy? Does it resolve then?

cleidh_mor Mon, 05/19/2008 - 01:21

Additionally, could you post a screenshot of your traffic policy and the output from an ipconfig /all on the client?


