We use Cisco Secure Services Client; we are currently using 4.2, 4.051 and 4.2.1. We found that going from 4.051 to 4.2 really fixed a lot of issues, but it broke one major option.
Going from 4.051 to 4.2 or 4.2.1, the client does not allow the computer to access the guest or auth-fail vlans prelogin. This is an issue in an environment that runs updates while the computer sits at the login screen. With 4.051, after a few seconds the computer would pop onto the guest vlan; if a user logged in, it would pop them off the guest vlan and then onto the vlan they should be on.
So the question is: can 4.2 and 4.2.1 be configured to allow access to the guest or auth-fail vlans prior to login, or is this a hard-coded issue?
I have already tried setting the login to machine/user thinking the machine would attempt login and knock it onto the auth fail vlan, which seems but now the regular user login doesn't work.
If I set the switchport access vlan to the guest network, that seems to get the prelogin network access to work. 802.1x still changes the vlan when a user logs in to their appropriate vlan.
So the next question is whether this is a good idea. Is there more of a security risk by adding the "switchport access vlan " command than there is for having the guest vlan and auth-fail vlan? I am setting the switchport access vlan to the guest net, so I am guessing there are no extra security risks than there already are when dealing with vlans.
Sorry, I may have spoken too soon, this did not work. It seems the act of adding the switchport access vlan command while the computer was at the login caused the CSSC client to allow access to the network, but when I restarted the computer it is still not allowing access to the guest vlan, even though the show vlan shows that interface on the guest net and the sho int shows the interface is up and connected.