NAC Host-Based Policies Issue

Unanswered Question
Apr 30th, 2008


I have a problem... when I try to permit a web page in a temporary role (for example the user can't open it and it displays a security message, but when I add the web IP the users can access it.... The NAC is working in Real-IP Layer 3...

Thanks for your help

asaldanab Thu, 05/01/2008 - 14:40

Yes... I did it... :(

But it's a default trusted DNS policy... permit to all DNS servers UDP port 53... is it correct? Or should I type the IP address of my DNS manually?

cleidh_mor Fri, 05/02/2008 - 01:03

No that's fine, as long as that rule applies to the role of the PC.

Try an nslookup on the PC. What's the output?


asaldanab Wed, 05/07/2008 - 07:40


At the moment I'm not at the company... next Friday I will try.

Thanks a lot!

ramkumar-b Wed, 05/07/2008 - 00:15

Are you using a proxy server in your network?

Try enabling the Parse Proxy checkbox under

CCA Servers --> Filter --> Roles --> Allowed hosts.

Try putting the proxy server IP address and port number under CCA Servers --> Advanced --> Proxy

asaldanab Wed, 05/07/2008 - 07:42


No... I don't have access to the internet through a proxy server... I have a firewall.

The NAC server is working as a Layer 3 Real-IP Gateway... when I put in the IP address of the page, for example, the users can access it... but when I permit access by host, with all options like ends, contains, etc., they can't access it...

asaldanab Wed, 05/14/2008 - 09:37


The result of the DNS lookup on the host is as follows:

*** Can't find server name for address Non-existent domain

*** Default servers are not available

Server: UnKnown


Non-authoritative answer:




The result of the nslookup on the CAS is as follows:

[root@CAS-MTY ~]# nslookup



Non-authoritative answer:



Help me

asaldanab Fri, 05/16/2008 - 14:56

Additionally, I'd like to say that my configuration is Out-of-Band Real-IP Gateway. Does anybody know if there's a restriction on managing host-based policies?


gojericho0 Sun, 05/18/2008 - 05:10

That's how mine was set up as well and it should not make a difference. What happens if you try to allow 'all traffic' in your policy? Does it resolve then?

cleidh_mor Mon, 05/19/2008 - 01:21

Additionally, could you post a screenshot of your traffic policy and the output from an ipconfig /all on the client?


