I'm currently trying to get EAP-TLS working in a lab with machine and client authentication. I have:
Laptop -> Aironet AP -> ACS 4.2 -> AD + CA
I have configured autoenrollment of client and machine certificates, which is working fine, and have issued a server certificate to the ACS server. Now the problem I have is when using the "Enable machine access restrictions" option. When I click this option, I get the error "External DB user access denied (Machine Access Restriction)". If I do not have this option chosen, I can successfully authenticate using EAP-TLS. I have checked some documentation regarding this error, and the resolution seems to be "Ensure NAR configured".