I have a problem... when I try to permit in a temporary role a web page (for example www.microsoft.com) the user can't open it and display security message but when i add the web ip the users can access.... the nac is working on real-ip layer 3...
thanks for your help
yes... i did it... :(
but its a default trusted dns policy... permit to all DNS Servers UDP port 53... is it correct? or i will type the IP address of my DNS manually?
No that's fine, as long as that rule applies to the role of the PC.
Try an nslookup on the PC. What's the output?
Are u using a proxy server in your network?
Try enabling Parse Proxy checkbox under
CCA Servers-->Filter--> Roles--> Allowed hosts.
Try putting proxy server IP address and port number under CCA Servers---> Advanced ---> Proxy
no... i dont have access to internet by proxy server... i have a firewall
the nac server is working in layer 3 real ip gateway... when i put the ip address of the page for example www.symantec.com the users can access... but when i permit the access by host .symantec.com in all options like ends, contain, etc can't access...
The result of the dns lookup in the host is the next:
*** Can't find server name for address 172.16.48.253: Non-existent domain
*** Default servers are not available
The result of the nslookup in the CAS is the next
[root@CAS-MTY ~]# nslookup www.cisco.com
Additionally, I'd like to say that my configuration is Out-of-Band Real-IP Gateway, Does anybody knows if there's a restriction to manage host-based policies?
Thats how mine was setup as well and it should not make a difference. What happens if you try to allow 'all traffic' in your policy. Does it resolve then?