I have implemented Cisco NAC In-Band mode (Virtual Gateway). We are still testing the features to deploy it in the customer
network. I have the following observations:
1. NAC Integration with Active Directory for SSO
The integration was done successfully, but I have a doubt about the user roles: in the document guiding the configuration,
the role is applied for the unauthenticated role, while I have created a role called users. When the user logs in through SSO, I can see the
user online in the unauthenticated role. Is this correct? How do I make the user connect to his role (User role)?
2. When the user connected to the network through SSO, I closed the agent from the desktop, but the browser and network resources
are still accessible. Is this normal?
3. Which exact ports (TCP & UDP) need to be opened for integrating NAS with AD SSO, bearing in mind I have a proxy on the network?
The ports in the NAS documents seem not enough for full communication.
4. The user cannot browse the internet unless I allow the proxy IP from the unauthenticated role.
5. When the user has successfully logged on to the network through SSO, why does the browser keep redirecting to install the Clean Access Agent?