NAC VL3 in-band for VPN users Setup

Unanswered Question
Dec 19th, 2008

We have the setup configured as per Sample in-band for VPN clients configured.

Currently all our clients authenticating successfully, however when they open their IE, they don't get a NAC Agent page?

What are some of the places where I should start to look into for troubleshooting??

Thank you,

Dev

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mchin345 Fri, 12/26/2008 - 06:20

Multi-hop L3 support for in-band (wired) deployments enables administrators to deploy the Clean Access Server (CAS) in-band centrally (in core or distribution layer) to support users behind L3 Switches (e.g. routed access) and remote users behind VPN Concentrators or remote WAN routers.With L3 IB, users more than one L3 hop away from the CAS are supported and their traffic always goes through Cisco NAC Appliance.

Make sure the below compatibility.

ActiveX/Java Applet and Browser Compatibility

• ActiveX is supported on IE 6.0 for Windows XP and Windows 2000 systems.

• IE 7.0 Beta is not supported when the Clean Access Agent is installed. For the Agent to login and perform other operations, users must uninstall IE 7.0 Beta 2.

• Java applets are supported for major browsers including Safari 1.2+, Mozilla (Camino, Opera), and Internet Explorer on Windows XP, Windows 2000, Mac OS X, and Linux operating systems.

• Due to Firefox issues with Java, Java applets are not supported for Firefox on Mac OS X.

For further information click this link.

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/411/cas411/s_L3oob.html

Actions

This Discussion