NAC Clean Access Update

daniel-costa · ‎11-27-2008

Greetings,

Guys, I'm using CCA v4.5 and I'm having a hard time updating it's Rules/Lists/Policies for Clean Access.

I've arranged that the CAM has connectivity to WAN-Internet so it can download the updates but after running the process this is what I get:

Cisco auto-update is scheduled to start at 1:00:00 and repeat every 24 hours

Cisco rules update is not available

Windows Clean Access Agent patch update is not available

Macintosh Clean Access Agent update is not available

No update is available for supported AV/AS product list (Windows)

No update is available for supported AV/AS product list (Macintosh)

No update is available for default host policies

No update is available for OS detection fingerprint

No update is available for L3 Java Applet web client

No update is available for L3 ActiveX web client

No update is available for OOB switch OIDs

No update is available for Default L2 Policies

No update is available for Cisco NAC Web Agent

No update is available for Cisco NAC Web Agent Applet Facilitator

No update is available for Cisco NAC Web Agent ActiveX Facilitator

As if there is NO updates available. I was wondering if there is a way to manually update it's policies. Where can I download it from? I've searched the Cisco Website but couldn't find it.

Can anyone help me?

Thanks in advance!

At, Daniel

daniel-costa · ‎11-28-2008

Anyone!??! Plz!

hemant1234 · ‎12-01-2008

Just go to Device management> clean access > updates and update tab click on update.

it will download update mannully if you have internet connectiviy

scottyager · ‎12-03-2008

You need to verify that your NAC has access to the Internet. I've had this happen when a proxy server was on the path and blocking access to the Internet for the NAC.

sampathsundararajan · ‎12-09-2008

MAke sure you have DNS configured on the CAM on the webconsole.

d-simic · ‎02-19-2009

Hi Daniel,

having similar problems with 4.1(6).

Manual update used to work, but automatic updates would not happen.

After 10 days, the customer tries a manual update; won't work. Had to reboot the CAMs (I am in redundant mode). Manual update worked after reboot.

10 days since then, customer calls me again: manual update not possible....

There's a bug that seems to go into that direction:

CSCsl80459

Auto updates for Cisco checks & rules fail on CAM

Symptom:

Auto updates for Cisco checks & rules fail on Clean Access Manager (CAM). An entry gets inserted into the CAM event logs indicating update failure. Other updates for CCA agent or ActiveX/Applet, if configured, may be successful

Conditions:

CAM should be configured to fetch Cisco checks and rules update for Cisco's server periodically

Workaround:

Perform manual update. The first manual update for Cisco checks & rules may fail; the second and subsequent ones should be successful

Did you find a solution?

Cheers

Darko

sampathsundararajan · ‎02-19-2009

Hi,

First of all, are you able to access internet from the CAM? That's the basic.

If that's not working, your updates will not work.

Make sure you have the proper DNS entries.

Thanks

Sam

Daniel Laden · ‎02-19-2009

From your computer, access:

http://www.perfigo.com/clean_machine_1/version-se.txt

SSH into the CAM and run

wget http://www.perfigo.com/clean_machine_1/version-se.txt

The NAC Manager should be able to reach out and download the same file you are able to get at your desktop. Are you using proxy? If so, the above may fail. You will need to review the proxy settings.