NAC AGENT - DON´T START - IN BAND VIRTUAL GTW - VPN REMOTE

TIAGO MATIAS · ‎05-03-2010

Hello Guys

I have a NAC version 4.6.1 configured how NAC IN BAND VIRTUAL GATEWAY for REMOTE ACCESS VPN ( CVPN 3000) .

The question is that everything is configured but the AGENT don´t start when i connect BY VPN.

When i don´t have the AGENT Installed - don´t works, and i´m not redirect to do the agent download

When i have the AGENT Installed - don´t works, the agent don´t start

One question is that i can see the user LOGGED on NAC on the CCA Server / Authentication / VPN Auth / Active Clients

I believe that the NAC is capturing the VPN connection but the AGENT don´t start to execute the requiremts. And i don´t know why ????

Faisal Sehbai · ‎05-04-2010

Tiago,

What do you have set in the Discovery host of the agent?

Faisal

TIAGO MATIAS · ‎05-04-2010

Hello Faisal

So, in the discovery host is configured the CAM IP ADDRESS.

Do you have any idea ?

Thanks

Faisal Sehbai · ‎05-04-2010

Tiago,

Seeing the client in the Active Clients list means that the CAM is receiving the Accounting Start packet from the VPN device. Not having the agent popup or not getting the redirect page means that your traffic path isn't set right still.

Please post your network diagram for review.

Thanks,

Faisal

TIAGO MATIAS · ‎05-04-2010

Faisal, attached is the topology, the path is INTERNET >>>CVPN (vlan 726) >>> CAS UNTRUSTED (vlan 726) >>> PIX DMZ (vlan 8) ===> CAS TRUSTED (vlan 8) ===>PIX INSIDE (vlan 50 )

I checked the routing on CVPN , PIX an CORE and is configured properly. One point is that if i put the on FILTERS the connection works properly. By my troubleshooting I believe that the connection is locked in unauntheticated role, waiting for the agent that don´t start.....

Would you like more information to clarify the scenario ?

Thanks