NAC Appliance - Layer 4 blocking ?

Unanswered Question
Jun 15th, 2008


This is my first post.

I have an IB deployment of NAC - currently there are wireless users going through the CAS - everything there works fine.

I am configuring VPN access on an ASA5520 and have VLAN mapping configured for the VPN groups. I have tried both SSL and IPSec VPN for access and am seeing the same results.

Scenario: When I connect to the tunnel-group, either SSL or with the Cisco IPSec client, I am mapped to the proper VLAN (117). I am running ASA 8.0.3(12). After I'm connected, I attempt to browse to an IP address - I am successfully redirected if the CAA is not running. If the Agent is running, it will pop up and ask for credentials. After authenticating with CAS (either with VPN-SSO or using the Local DB), I try to ping an IP address in this case. The reply comes back to my VPN client, and then I try to browse to the same IP address and that's where it breaks. I cannot browse to the IP address on 80 or 443.

I did a capture on both interfaces of the CAS, untrusted and trusted - on the trusted side I do not see my https request make it through.

On the role that my user is mapped to the traffic IS permitted. First I tried only one line of configuration: permit IP any. Then I tried to be more specific - I configured permit TCP any and UDP any. Still doesn't work.

I'm currently working with TAC on this, but any input will be much appreciated.

Thank you in advance!
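A small check for the two-sided capture comparison described in the post (an added example, not the poster's or Cisco's code): it parses simplified capture lines from the CAS untrusted and trusted interfaces and lists client flows that appear on the untrusted side but never reach the trusted side, which is how the "ICMP passes, TCP 80/443 does not" symptom shows up. The addresses, the tcpdump-like line format and the sample lines are all constructed.

```python
"""Compare CAS untrusted/trusted captures to find flows that are not forwarded."""
from collections import defaultdict

# Constructed sample captures. 10.117.0.5 stands in for the VPN client that
# landed in VLAN 117; 192.0.2.10 for the server being pinged and browsed.
UNTRUSTED = """\
10.117.0.5 > 192.0.2.10 icmp echo request
192.0.2.10 > 10.117.0.5 icmp echo reply
10.117.0.5.51000 > 192.0.2.10.443 tcp S
10.117.0.5.51000 > 192.0.2.10.443 tcp S
10.117.0.5.51001 > 192.0.2.10.80 tcp S
"""
TRUSTED = """\
10.117.0.5 > 192.0.2.10 icmp echo request
192.0.2.10 > 10.117.0.5 icmp echo reply
"""

def parse_flows(text):
    """Return {flow_key: packet_count}; flow_key is (proto, src_ip, dst_ip, dport),
    with dport None for ICMP. Lines that do not match the format are skipped."""
    flows = defaultdict(int)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1] != ">":
            continue
        src, dst, proto = parts[0], parts[2], parts[3]
        if proto in ("tcp", "udp"):
            src_ip, _, _ = src.rpartition(".")        # strip source port
            dst_ip, _, dport = dst.rpartition(".")    # keep destination port
            flows[(proto, src_ip, dst_ip, int(dport))] += 1
        else:
            flows[(proto, src, dst, None)] += 1
    return dict(flows)

def missing_on_trusted(untrusted_text, trusted_text, client_ip):
    """Flows from client_ip seen on the untrusted interface but absent on the
    trusted one, as a sorted list of (flow_key, untrusted_packet_count)."""
    seen_trusted = parse_flows(trusted_text)
    gaps = [(key, n) for key, n in parse_flows(untrusted_text).items()
            if key[1] == client_ip and key not in seen_trusted]
    return sorted(gaps, key=lambda kv: (kv[0][0], kv[0][1], kv[0][2], kv[0][3] or 0))

if __name__ == "__main__":
    for (proto, src, dst, dport), n in missing_on_trusted(UNTRUSTED, TRUSTED, "10.117.0.5"):
        print(f"{proto} {src} -> {dst}:{dport}: {n} packet(s) untrusted, none trusted")
```

Feeding it the text export of the two real CAS captures narrows the problem to the CAS (role ACL or agent state) versus the ASA side before opening a capture on the far end.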



