cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1147
Views
0
Helpful
8
Replies

Cisco NAC agent not popping up on 64bit machines

marioderosa2008
Level 1
Level 1

Hi all,

has anyone ever had any problems with the Cisco NAC agent not popping up to do posture assessment on 64bit Windows 7 machines?

It seems to work fine on Windows 32bit machines, but not on 64bit machines.

Thanks

Mario

8 Replies 8

marioderosa2008
Level 1
Level 1

Does anyone know whether I should be using a 64bit NAC agent for 64bit machines? Or should the 32bit NAC agent work?

 

thanks

 

mario

I still have this issue...

are there any troubleshooting steps to follow when the NAC agent does not pop up?

I am using the latest version of the NAC agent 4.9.4.3... The wireless connects fine and authenticates with the ISE fine, but then the client sticks in a posture pending status in the ISE.

Thanks

Mario

How well does your URL re-direction work? Can you post your ACL's? *If you do post your ACL's please provide remarks on each line. 

The below URL should give you an idea of what is going on in the background. Reading the document you will probably discover why i asked if URL re-direction is working correctly. 

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/115803-ise-nac-agent.html

 

 

Thanks... I shall review the link and then post back.

Hi,

right... if i understand that document correctly... i need to make sure that I redirect tcp 80 & 8905 to the ip of my Policy node.

8905 was in the re-direct ACL, but 80 was not (this has not caused me an issue in the past). So i have added it in now and that has made no difference.

interestingly though, the document says that the client should be able to resolve the DNS name of the ISE. Now... this bits interesting... when i open command prompt and ping the FQDN of the ISE, it advises that it cannot find the host. BUT if i do an NSLOOKUP and type in the hostname of the ISE, it does reply with a valid IP.

So to me it is something to do with either DNS, or the redirect ACL not allowing DNS to work properly.

The redirect ACL is quite large... is there are way that I can easily export it so that you can have a look at it?

Thanks

Mario De Rosa

https://<ise-hostname>:8905/auth/discovery (What were the results of this when navigating to this link from client?)

Page could not be displayed...

I think there is some kind of DNS issue because when i try and ping the ISE Windows advises that it could not find the host.

But... on the same machine if I do an NSLOOKUP, I can resolve the hostname fine, which then tells me that it is not DNS.

Its very odd.

Does the redirect ACL look OK?

I have managed to export the commands for the redirect ACL... its not easy to read but they are in the attached file...

10.0.16.111 is our primary ISE

10.131.16.111 is our secondary ISE

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: