
NAC certificate error

blaxucisco
Level 1

Hi all,

We are facing a certificate error problem on the in-band mode NAC. When a user tries to communicate with MS Outlook via in-band NAC after the NAC process, the user gets a certificate error message from the proxy server, but when the user clicks the view certificate option, the in-band CAS certificate appears. But sometimes users can use MS Outlook without the error message.

The FQDN of the CAS server is not bypassed from the proxy server.

Please find the attached file for details.

Thank you

Laxman

5 Replies

Faisal Sehbai
Level 7

Laxman,

Not clear on the problem description here. You're saying that users while behind an IB NAC are getting certificate errors when they try to use Outlook?

If so, does that happen when they're authenticated? If it happens before authentication it's quite possible that NAC is hijacking the SSL traffic and trying to redirect it to its login page.

Can you clarify your setup and the problem you're having a bit more clearly?

Thanks,

Faisal

Hi Faisal,

This is happening when user

I get the following error only when connecting to Exchange while authenticated through NAC

Next, does the NAC client create any client-side logs?

Thank you

Laxman

Laxman,

Verify that in the end role you have traffic allowed to the Exchange server. A CAS cert error should only pop up either when it's trying to authenticate or trying to block your traffic.

Client does generate logs which I'd be glad to look at if you post them here. You can get to those by going to Start -> Programs and Cisco Log Packager.

HTH,

Faisal

Hi Faisal,

Thank you for your response.

Could you please tell me what the Cisco Log Packager is and how I can download it?

Thank you

Laxman

Laxman,

If using the new version of CCA (4.6 and above) it's installed by default when you install the agent.

If you're using CCA Agents below that version, you'll have to edit the registry and then collect the agent logs. Details on that are here:

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/45rn.html#wp607061

HTH

Faisal
