Cisco Support Community

NAC In-Band Virtual Gateway with ASA VPN access


I've configured NAC for VPN access but I'm running into some issues. The configuration is close to the one in the "NAC Appliance (Cisco Clean Access) In-Band Virtual Gateway for Remote Access VPN Configuration Example":

The main differences are that the ASA is used as an edge firewall and not only as a VPN concentrator, and I'm using VLAN restriction to force traffic through the CAS. I'm on version 4.8.2 for the CAS and CAM and version 8.2(5) for the ASA.

When I connect, I can ping and access the network represented in the example by VLANs 10 and 20 (I can ping the router behind the CAS, which is coherent with my network filters for the temporary role), but I can't get through to anything beyond that network.

I've tried adding static routes in the CAS, and adding the VPN pool as a managed subnet but the behaviour remains the same.

Does anyone have any experience with this kind of deployment that they can share? Any help is appreciated.

UPDATE: some more information, if anyone can help. The user shows up in the CAS as an active VPN client, but is nowhere to be seen on the CAM.


