Problems Adding Acceptable Use Policy to Agent Login

nagel · ‎02-26-2009

I am running 4.1.6 NAC with 4.1.8 Agents. I have 1 CAM that controls 2 CASs. I have created a .htm page that I then upload to the CAM. I can browse to the uploaded .htm file on the CAM so I know it is there.

I have configured the user role to "Show Network Policy to Clean Access Agent and Cisco NAC Web Agent users".

I have added the traffic policy to allow unauthenticated users to the CAM via HTTP and am no longer receiving a security block page.

I have tried using the path : http://(CAM IP address/auth/file.htm

I have tried using the complete path as determined by PWD from the CAM.

I do get the NAC Dialog staing that the user must accept the USER Policies before logging in but when I click on the link to display those policies (the file.htm link) I keep getting a "page not found" error.

Cisco documentation not real clear on what to do from here in regard to troubleshooting issue.

Anyone out there made this work that might be able to assist?

vmoopeung · ‎03-04-2009

To Configure Network Policy Link

1. Go to Device Management > Clean Access > General Setup.

2. Make sure User Role, Operating System and Require use of Clean Access Agent/Require Use of Cisco NAC Web Agent are configured.

3. Click Show Network Policy to Clean Access Agent and Cisco NAC Web Agent users [Network Policy Link:]. This will display a link in the Clean Access Agent/Cisco NAC Web Agent to a Network Usage Policy web page that Agent users must accept to access the network.

4. If hosting the page on the CAM, you will need to upload the page (for example, "helppage.htm") using Administration > User Pages > File Upload. If hosting the page on an external web server, continue to the next step.

5. Type the URL for your network policy page in the Network Policy Link field as follows:

-To link to an externally-hosted page, type the URL in the format:

http://mysite.com/helppages.

-To point to a page you have uploaded to the CAM, for example, "helppage.htm," type the URL as follows:

http:///auth/helppage.htm

6. Make sure to add traffic policies to the Temporary role to allow users HTTP access to the page.

nagel · ‎03-04-2009

Yes I have done all of that.... My issue is that either the path for .htm file (stored on the tomcat server) is not correct OR that Clean Access cannont make it's way to that path on the CAM in order to run the Acceptable use Policy .htm file. If someone could tell me what that path should be (as the path listed in the Cisco Docs - does not work) then I may be able to resolve. If that is the issue.

naitsirhc81 · ‎07-07-2009

I was having the same problem. Like you, I followed the instructions to the letter with no luck. I am running 4.6 but I'm sure this will apply to you as well. This is what fixed it for me...

Instead of pointing to the CAM, I had to point to the CAS. The folder on the CAS to which the file is loaded is in fact /perfigo/access/tomcat/webapps/auth/ however in the link you only need to point to:

https://CAS_IP/auth/

(note that I'm pointing to https and not http)

If you are running HA use the virtual IP of the CAS which is managing the role(s) you want that policy to be shown to. Oh yeah, one last thing...I didn't need to add a traffic policy for this to work because it is pointing to the CAS and not the CAM.

The documentation on this by Cisco is really bad, even after figuring it out I looked for it to no avail. Anyway, I hope this helps!

mleiby · ‎06-17-2011

This information was very helpful. Wish I would have found this yesterday.