08-12-2009 08:52 AM
I have CAS with Agent 4.5.1 , when users try to get authenticated he needs CCA Agent to be downloaded and installed on client PC , its not happening automatically ..users opens a browser type the link eg:www.google.com ..first time should be redirected to CAS for CCA agent download page , but its not happening ..but when they type the IP address of CAS eg: https://cas-ip , then it asks to download the CCA Agent , i have complete DNS setup both reverse lookup / forward lookup working also proxy configured still it does n't goes out there..... where with ip address everything works fine ..does any have idea how to move forward
08-12-2009 02:38 PM
When you try "www.google.com", do you know if the packet will reach CAS? Check your routing to make sure this.
08-13-2009 12:45 AM
when typing IP will do the job , have no idea if still could be routing issues L3 , also do i need any route on Proxy server to reach CAS or on DNS server something like this ...have some tested this setup then pl
08-13-2009 06:58 AM
Which ip will do the job? CAS' IP? If yes, I believe that Agent download can be triggered when the packet to www.google.com will go through the CAS.
If you have service contract with Cisco, I suggest you to open a TAC case.
08-13-2009 07:26 AM
Hi,
I already opened TAC # 5 engg changed no solutions , cisco TAC team is completely unaware about their products itself or they not upto the mark for the solution at one time i thought to switch with Juniper
since this solutions already sold , i hope to have valid solutions let s re assess to find the solution
1. when type the IP of CAS agent gets downloaded
2. when type of www.google.com doens 't go
3. DNS both forward & reverse lookup working fine
4. Proxy has been configured in CAM
does any issue needs here missing to fill the GAP.
08-13-2009 09:46 AM
troubleshooting this will depend on how it was implemented in your network. Such as in-band or out-of-band, layer 2 or 3 mode, and CAS is virtual Gateway or real Gateway.
The general mistakens could be:
1. SVI interface for auth vlan --> auth vlan must be pure layer 2. In a word, you need make sure the packet from client should go to CAS when they try to browser google.com
2. if it is layer 2 mode, management subnet must use IP from trusted subnet but vlan ID from auth vlan
3. if it is layer 3 mode, make sure you have static route configured for user's IP address.
HTH
08-13-2009 10:43 AM
Hi
Thanks
its been implemented as L2-OOB-VGW (CAS)
and setup is working fine , when agent manually installed , authentication process takes places successfull and valid policy and posture assements
when i said everything working means it dam working for around 100 PC's
only i need to redirect when they open the www.google.com (first time , where no CCA agent installed ) then it should get the download from CAS , as i said earlier using IP address cas will ask users to download the KIT...
i really appreciate your effort to response let s hope with more tips we can resolve the problem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide