Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC - URL Redirect issues

I'm testing NAC on a 3000 series concentrator using ACS 4.x. I'm now to the point where I need to test the user experience when someone connects without the CTA agent. We can quarantine them with the downloadable ACL but I need to redirect them to a remediation site. I configured the unknown RAC to use cisco-av-pair | url-redirect=<URL>. When the client lauches a browser they are not redirected (doesnt matter if the home page is set to internal or external). If I type in an internal URL i finally get redirected. Some internal URL's dont redirect and external URL's dont redirect at all. Is anyone else having issues with this? We can see that the RAC attributes for URL redirect are being passed by looking at the logs.

I need the browser to automatically be redirected when launched no matter if the home page is set to internal or external. Of course this wouldnt apply to systems with CTA already installed.

Thanks in advance.

1 REPLY
Silver

Re: NAC - URL Redirect issues

NAC URL redirect does not occur for hosts that use SOCKS proxy. URL redirect monitors ports 80 and 443 for HTTP connections. SOCKS proxy HTTP connections occur on a different port. As a result, the host is either not redirected or it displays a "Page not found" error.

URL redirect is configured on an ACS server and passed to the VPN 3000 Concentrator during posture validation. You cannot change its settings from the VPN 3000 Concentrator.

135
Views
0
Helpful
1
Replies
CreatePlease login to create content