We have a Cisco NAC solution for our wireless solution. For mobile devices, although directed through the NAC, they do not have an agent and are not checked at all. This is fine and they can connect to the network OK.
After a while, the sessions time out, and they have to open the web browser to refresh the session. This doesn't happen if the user is using the web browser often. This part is troublesome.
We have no session timeouts configured on the NAC, but the controllers do have an inactive user session timeout of 1 hour.
We know it is NAC-related, as any SSID that does not go through the NAC does not experience this issue, and we have disabled NAC as a test, and again this resolved the issue. NAC is currently running 4.8.0.
My question is: does the NAC only register ports 80/443 as 'active user' traffic? If not, why is this happening and why do they have to open a browser to get things going again?