NAC Agent never seems to initiate communication with CAS
I can (occasionally) get the pilot NAC devices to log in to the CAS server through a combination of restarting the NAC Agent service, restarting the NAC Agent UI, and bouncing the port.
My configuration is an L3 OOB GW - my issue does not seem to be with NAC but rather with getting the agents to initiate communication with the CAS in the first place.
I am using NAC CAM/CAS 4.7.2 and agent version 184.108.40.206
The unauthenticated/untrusted roles have been allowed full unrestricted inbound access through the CAS as part of the troubleshooting process.
I have attached a copy of the report generated by the log packager utility on a machine which was failing to log in.
(Incidentally, I note on every machine I have attempted to run the log packager on that the 'log agent plugin' fails to return a response within 300 secs and hence does not generate any useful output. Is there ANY way to get visibility into these logs, either through a different utility/viewer or by extending the 300-second timeout when packaging logs?)
Re: NAC Agent never seems to initiate communication with CAS
Attached is a new log generated today for comparison... without the ability to interpret these log files myself I'm not sure if they are of any more use than the last set. (This log was generated on a user workstation that has the agent installed but is NOT logging in to the CAS.)
The CAS in this case is a (pair of) Real IP Gateway(s) configured OOB.
In response to your question - it is possible on any of these workstations to log into the CAS using the WEB login (by explicitly typing the IP address of the URL for the CAS) - did you want me to specifically deny 80 and 443 traffic and then see if any attempted web connection will result in a prompt within the IE window? (I can consider doing so, although there is a proxy server in use on site which is situated 'behind' the CAS from the perspective of these users.)
Is there anything unusual about the fact that one of the plugins initiated by the log packager never completes within the 300 seconds or is this something you see fairly regularly?