Cisco Support Community

Network Error: Clean Access Server could not establish a secure connection to Clean Access Manager

Hello everyone

I am implementing a failover solution of NAC in OOB VG version 4.8. I have 2 CAS and 2 CAM.

The error I am getting occurs when I connect to both the IP address and the FQDN of the CAS.

===========

Network Error:
Clean Access Server could not establish a secure connection to Clean Access Manager at camsrv3.cadivi.gob.ve.
This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
Please report this to your network administrator.

==========

For the CAMs I use the names camsrv1 and camsrv2. Then I generate a CSR on camsrv1 with the name camsrv3.mycompany.com, corresponding to the virtual IP, export it to camsrv2, and install the CA certificate of the company, and everything works perfectly.

This is the failover configuration

CAM:
Primary:     10.1.206.248 camsrv1.mycompany.com
Secondary: 10.1.206.249 camsrv2.mycompany.com
Virtual:       10.1.206.250 camsrv3.mycompany.com

Then I do exactly the same steps for the CAS's and this is the failover configuration:

Primary:     10.1.216.248 cassrv1.mycompany.com
Secondary: 10.1.216.249 cassrv2.mycompany.com
Virtual:       10.1.216.250 cassrv3.mycompany.com

Then I add the certificate of CAM in the CAS on the tab "Trusted Certificate Authorities"  and vice versa.

The communication between all the CAMs and CASs is correct (Primary, Secondary and Virtual). I can ping the IP and the FQDN and I can also manage the CAS through the CAM.

I verified that the time was right on the CAM and the CAS, and all is good there.


Appreciate your help


Eduardo Navas


Re: Network Error: Clean Access Server could not establish a sec

Eduardo,

Bump up the CAS/CAS communications logging on both the CAS and CAMs, and then look in the log files for clues.

On CAM they live in /perfigo/control/tomcat/logs and on CAS in /perfigo/access/tomcat/logs

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily
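
The error message quoted in the question names an expired or untrusted Clean Access Manager certificate as possible causes. As an added example (not part of the thread and not Cisco tooling), this script checks an exported PEM certificate for both with the standard openssl CLI; the file names, the hostname argument and the assumption that the peer validates the virtual-IP name are placeholders for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Checks a PEM certificate for the first two
# causes named in the error (expired, not trusted) and for the name it carries.
# cam.pem, company-ca.pem and the FQDN in the usage line are placeholders.

# check_cert CERT_PEM CA_PEM FQDN
# Prints one finding per line; returns 0 only if all three checks pass.
check_cert() {
    cc_cert=$1; cc_ca=$2; cc_fqdn=$3; cc_rc=0
    cc_end=$(openssl x509 -in "$cc_cert" -noout -enddate 2>/dev/null)

    # Cause 1: -checkend 0 fails when notAfter is already in the past.
    if openssl x509 -in "$cc_cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "validity: ok ($cc_end)"
    else
        echo "validity: EXPIRED or unreadable ($cc_end)"; cc_rc=1
    fi

    # Cause 2: the certificate must chain to the CA the peer has installed as
    # trusted. verify also checks dates, so an expired cert fails here as well.
    if openssl verify -CAfile "$cc_ca" "$cc_cert" >/dev/null 2>&1; then
        echo "trust: ok (chains to $cc_ca)"
    else
        echo "trust: NOT verified against $cc_ca"; cc_rc=1
    fi

    # Name (assumption: the peer validates the name it connects to, here the
    # virtual-IP FQDN). -checkhost compares against SAN, falling back to CN.
    if openssl x509 -in "$cc_cert" -noout -checkhost "$cc_fqdn" 2>/dev/null |
            grep -q 'does match'; then
        echo "name: ok ($cc_fqdn)"
    else
        cc_subj=$(openssl x509 -in "$cc_cert" -noout -subject 2>/dev/null)
        echo "name: $cc_fqdn NOT in certificate ($cc_subj)"; cc_rc=1
    fi
    return "$cc_rc"
}

# Usage: sh check_cert.sh cam.pem company-ca.pem camsrv3.mycompany.com
if [ "$#" -eq 3 ]; then
    check_cert "$1" "$2" "$3"
fi
```

Run it once per appliance certificate, against the CA file that the other side has installed as trusted.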
