01-25-2006 02:43 AM - edited 02-21-2020 12:40 AM
We have a VPN Concentrator 3030 running version 4.7, and have deployed CSA 4.5 and CTA 1.0 agents on the client. ACS 3.3 is the policy server with local policies created. The NAC process takes place and we could see all the logs going well. Under the quarantine group we have created an ACL to block certain connections, which also works well. The only problem we are facing is the URL direct. Below are the settings set:
posture-token=Quarantine
url-redirect=http://10.1.100.47/
status-query=30
revalidation-timeout=300
This doesn't get popped up. Will this work with the concentrator, or is it only limited to Cisco routers and firewalls? How do I get the URL direct working with the VPN concentrator being the NAD device?
01-25-2006 04:31 AM
I had the same issue until I discovered that the URL has to be a hostname, not an IP address.
01-25-2006 04:43 AM
Thanks Jan, I shall try and update.
01-27-2006 03:36 AM
Hello Jan
I tried with the hostname but it doesn't work. Is there anything which I need to check on ACS? Because I can't see the cisco/av pair attributes in passed authentications. It looks like it doesn't send it.
01-31-2006 05:21 PM
Hi Followurself,
I am doing exactly the same and have set up NAC using a VPN 3020 as the NAD device. I have got the URL-redirect working.
From my understanding, for the URL-redirect to work you have to modify the settings on the Cisco Trust Agent. I am using CTA v2.0.0.30 and this setting is enabled by default. The setting is located in the 'ctad.ini' file that is installed along with the client. In this file there are settings under the [UserNotifies] section that define the behaviour of pop-up messages sent from the ACS to the CTA.
Let me know how you go!
Cheers,
Cam
PS - I can send you the doco on the CTA v2 if you like.
02-01-2006 07:51 AM
Hi,
I'm using CTA 1.0. Can you let me know which setting in ctad.ini I need to look into?
Now here we are talking about the web URL direct working when you have a CTA installed, but what if we want the same to work for a clientless user? When we enable a clientless policy on the concentrator and the same gets authenticated by the ACS server, can we make a URL direct work here, so the users will install CTA/CSA and then they go in?
02-02-2006 08:57 AM
Hi,
I tried with CTA 2.0 and checked the settings in the ini file, but still the web direct configured in ACS under cisco/av pair isn't working:
posture-token=Quarantine
url-redirect=http://xxxx/
status-query=30
revalidation-timeout=300