NAC: The page you requested cannot be displayed when triying to login
I'm installing a NAC 4.1.3 L3 inband Real IP intended for guest users. It consists of 2xCAM + 2xCAS in high availability each.
I completed all installation steps, including static routes, login page setup, and a guest user account for test purposes.
Then I setup my laptop like a guest in a managed subnet and I try to access external pages with my browser via CAS. At this point i get the following problem:
First I get the typical redirection message from CAS coming up in my browser: âYou will be automatically redirected. If this doesn't occur within xx seconds, please click hereâ. A few seconds later, the legend â The page you requested cannot be displayed â comes up.
I tried configuring the guest user account in different ways, but I guess this symptom is triggered before starting the user account validation. Could be something related with digital certificates?
I would be very grateful to anyone giving me any clue about this behaviour.
Re: NAC: The page you requested cannot be displayed when triying
Thank you for your reply.
In fact, I discovered that my problem was related to an incorrect certificate generation:
I had two CAS servers in high availability mode. The installation process indicates to generate a certificate in the primary CAS and then, to export it to the secondary CAS.
This is what i did. But even tough the import process in the secondary CAS seemed to complete successfully, in the Administration --> SSL Certificates, the button âverify and install uploaded Certificatesâ returned the error:
Unable to establish certificate chains. Please upload the correct Root/Intermediate CA.
I discovered that the origin of this problem was that my CAS servers had their respective systems clocks very misadjusted, because I did not have a time server in my test lab.
The workaround to generate and import the certificate successfully from the primary CAS to the secondary was to adjust the system clocks of all servers manually with a difference of less that 5 minutes, as stated several times in the CAS documentation.
Another workaround would have been to get a time server available. It can be easily obtained during the installation process with the command "ntp master" in any router if its IOS version supports it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...