Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC certificate error

hi all,

we are facing a certificate error problem on the in-band mode NAC. While user tries to communicate with ms outlook via in-band nac after the NAC process, user get the certificate error message from the proxy server, but when user clicks the view certificate option in-band cas certificate will be appear. but sometimes users can use MS outlook without error message.

FQDN of cas server is not bypassing from the proxy server.

please find the attached file for detail.

thank you

Laxman

5 REPLIES

Re: NAC certificate error

Laxman,

Not clear on the problem description here. You're saying that users while behind an IB NAC are getting certificate errors when they try to use Outlook?

If so, does that happen when they're authenticated? If it happens before authentication it's quite possible that NAC is hijacking the SSL traffic and trying to redirect it to it's login page.

Can you clarify your setup and the problem you're having a bit more clearly?

Thanks,

Faisal

New Member

Re: NAC certificate error

Hi Faisal,

This is happening when user

I get the following error only when connecting to Exchange while authenticated through NAC

Next, does NAC client create any client-site logs?

Thank you

Laxman

Re: NAC certificate error

Laxman,

Verify that in the end role you have traffic allowed to the Exchange server. A CAS cert error should only pop up either when it's trying to authenticate or trying to block your traffic.

Client does generate logs which I'd be glad to look at if you post them here. You can get to those by going to Start -> Programs and Cisco Log Packager.

HTH,

Faisal

New Member

Re: NAC certificate error

Hi Faisal,

Thank you for your response.

Could you please tell me what is the cisco log packager and how can I download it?

thank you

Laxman

Re: NAC certificate error

Laxman,

If using the new version of CCA (4.6 and above) it's installed by default when you install the agent.

If you're using CCA Agents below that version, you'll have to edit the registry and then collect the agent logs. Details on that are here:

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/45rn.html#wp607061

HTH

Faisal

462
Views
0
Helpful
5
Replies
CreatePlease login to create content