My customer is experiencing intermittent VPN issues in which the NAC agent will not pop-up upon connecting to the VPN. It works fine on the LAN however. The problem is not experienced by everyone. for example, it never happens to me, and has never happened to my contact at the client. but i am told that he has VPN users that this happens often to.
NAC can be initiated by either a reboot, or exiting the agent and allowing the redirect to relaunch the agent.
In some cases, the agent is not detected on the machine, and the redirect instructs the VPN user to install the agent, even though it is installed already. However, the case may also be that this same user was connected the day before.
What i am thinking is that it may have something to do with the SWISS discovery or timers.
DNS works fine. I have increased the SWISS timers, and disabled L3 SWISS delay. I have yet to know for sure if this will work, but i would like to get some insight from the community as to whether i am heading the right direction, or if others have a solutions.
I know another method would be to just do WebAgent, but the problem that would then introduce is being double postured. If the WebAgent launches, and they have the client installed, they may both run at the same time.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...