NAC url direct using concentrator

followurself
Level 1

We have a VPN Concentrator 3030 running version 4.7 and have deployed CSA 4.5 and CTA 1.0 agents on the client. ACS 3.3 is the policy server, with local policies created. The NAC process takes place and we can see all the logs going well. Under the quarantine group we have created an ACL to block certain connections, which also works well. The only problem we are facing is the URL direct. Below are the settings set:

posture-token=Quarantine

url-redirect=http://10.1.100.47/

status-query=30

revalidation-timeout=300

This doesn't get popped up. Will this work with the concentrator, or is it only limited to Cisco routers and firewalls? How do I get the URL direct working with the VPN concentrator being the NAD device?

6 Replies

jan.nielsen
Level 7

I had the same issue until I discovered that the URL has to be a hostname, not an IP address.

Thanks Jan, I shall try and update.

Hello Jan

I tried with the hostname but it doesn't work. Is there anything which I need to check on ACS, because I can't see the cisco/av pair attributes in passed authentications? It looks like it doesn't send it.

Hi Followurself,

I am doing exactly the same and have set up NAC using a VPN 3020 as the NAD device. I have got the URL-redirect working.

From my understanding, for the URL-redirect to work you have to modify the settings on the Cisco Trust Agent. I am using CTA v2.0.0.30 and this setting is enabled by default. The setting is located in the 'ctad.ini' file that is installed along with the client. In this file there are settings under the [UserNotifies] section that define the behaviour of pop-up messages sent from the ACS to the CTA.

Let me know how you go!

Cheers,

Cam

PS - I can send you the doco on the CTA v2 if you like.

Hi,

I'm using CTA 1.0; can you let me know which setting in ctad.ini I need to look into?

Now here we are talking about the web URL direct working when you have a CTA installed, but what if we want the same to work for a clientless user? When we enable a clientless policy on the concentrator and the same gets authenticated by the ACS server, can we make the URL direct work here, so the users will install CTA/CSA and then they go in?

Hi,

I tried with CTA 2.0 and checked the settings in the ini file, but still the web direct configured in ACS under cisco/av pair isn't working:

posture-token=Quarantine

url-redirect=http://xxxx/

status-query=30

revalidation-timeout=300
