Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
0
Helpful
1
Replies

Cisco Clean Access - Intercept ACL standard config

sheidelbach
Level 1
Level 1

‎12-07-2006 01:53 PM - edited ‎02-20-2020 09:38 PM

If implementing an out-of-band CCA solution, with a router acting as the Network Access Device (NAD), would the Intercept ACL standard config be to allow access to the network, or just to the submet where the AAA Policy Server, etc are?

If there are URLs to examples, that would help too.

Thanks!

Labels:
0 Helpful
1 Reply 1

r-simpson
Level 3
Level 3

‎12-13-2006 12:26 PM

First, you will need to open up traffic in the unauthenticated role for tcp port 636 to the LDAP server.

The deal with the certs is that you need the CAM to be able to trust the LDAP servers cert, so you need the root cert corresponding to the LDAP servers cert. You can then upload that on the CAM under "CCA Manager" > "SSL Certificate", drop the box down to "Import Certificate" and then drop the next box down to "Trust non-standard CA". Upload and install

the root to there.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents