Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Cisco NAC agent not popping up on 64bit machines

Hi all,

has anyone ever had any problems with the Cisco NAC agent not popping up to do posture assessment on 64bit Windows 7 machines?

It seems to work fine on Windows 32bit machines, but not on 64bit machines.

Thanks

Mario

8 REPLIES
Community Member

Does anyone know whether I

Does anyone know whether I should be using a 64bit NAC agent for 64bit machines? Or should the 32bit NAC agent work?

 

thanks

 

mario

Community Member

I still have this issue...are

I still have this issue...

are there any troubleshooting steps to follow when the NAC agent does not pop up?

I am using the latest version of the NAC agent 4.9.4.3... The wireless connects fine and authenticates with the ISE fine, but then the client sticks in a posture pending status in the ISE.

Thanks

Mario

Community Member

How well does your URL re

How well does your URL re-direction work? Can you post your ACL's? *If you do post your ACL's please provide remarks on each line. 

The below URL should give you an idea of what is going on in the background. Reading the document you will probably discover why i asked if URL re-direction is working correctly. 

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/115803-ise-nac-agent.html

 

 

Community Member

Thanks... I shall review the

Thanks... I shall review the link and then post back.

Community Member

Hi,right... if i understand

Hi,

right... if i understand that document correctly... i need to make sure that I redirect tcp 80 & 8905 to the ip of my Policy node.

8905 was in the re-direct ACL, but 80 was not (this has not caused me an issue in the past). So i have added it in now and that has made no difference.

interestingly though, the document says that the client should be able to resolve the DNS name of the ISE. Now... this bits interesting... when i open command prompt and ping the FQDN of the ISE, it advises that it cannot find the host. BUT if i do an NSLOOKUP and type in the hostname of the ISE, it does reply with a valid IP.

So to me it is something to do with either DNS, or the redirect ACL not allowing DNS to work properly.

The redirect ACL is quite large... is there are way that I can easily export it so that you can have a look at it?

Thanks

Mario De Rosa

Community Member

https://<ise-hostname>:8905

https://<ise-hostname>:8905/auth/discovery (What were the results of this when navigating to this link from client?)

Community Member

Page could not be displayed..

Page could not be displayed...

I think there is some kind of DNS issue because when i try and ping the ISE Windows advises that it could not find the host.

But... on the same machine if I do an NSLOOKUP, I can resolve the hostname fine, which then tells me that it is not DNS.

Its very odd.

Does the redirect ACL look OK?

Community Member

I have managed to export the

I have managed to export the commands for the redirect ACL... its not easy to read but they are in the attached file...

10.0.16.111 is our primary ISE

10.131.16.111 is our secondary ISE

 

281
Views
0
Helpful
8
Replies
CreatePlease to create content