Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC Status Query timer

Hi All,

I am having a slight issue with NAC regarding the notification of the posture result to the client too frequently.

In summary:

1. I have setup NAC to work for our remote access IPSec VPN connections on a Cisco 3020 VPN Concentrator. This has been working perfectly for the past 3-4 years.

Because of the tight security restrictions that have to be used (the industry I work in) I have to set the 'Status Query' interval timer to 180 seconds, so that it checks the posture every 3 minutes. This works fine and the user only receives posture notification the first time and then if none of the attributes change there are no further posture notifications. If an attribute changes (eg: virus pattern file upgrade, Windows patch, etc) then the user gets notified with their new posture result.

(hope that makes sense - basically it works exactly like it is meant too)

2. We are now de-commissioning  the VPN Concentrator and replacing it with a Cisco 5520 ASA. I have configured it and it is working perfectly EXCEPT that every 180 seconds (the Status Query Interval setting) the end user gets notified on their posture result, regardless of if it is exactly the same as the previous result. So basically the end host gets a NAC Posture Result pop-up every 180 seconds, where this did not happen with the VPN Concentrator.

Any help would be apprecaited. If you need more information, please let me know.