Cisco AAA/Identity/Nac :: Clean Access Agent With NAC V 4.7.2 And Windows 7?
Nov 15, 2011
I have done a ADSSO config. Following all the steps in the guide with the specifics steps for windows 7 to modify the krb.txt and the strattomcat.I restart services activate the "Enable Agent-Based Windows Single Sign-On with Active Directory (Kerberos)" option on the NAM.Then, the ADSSO service start on the NAS.I modify the local policy according to the guide allowing all encryption except the one for future use.Then the NAC client say "User unknown" contact your network administrator.
View 3 Replies
ADVERTISEMENT
Jan 14, 2012
I have two NAC appliances version 4.8.2, one Manager and one Server, I want to know if the “nacagentsetup-win-4.8.2.1.tar.gz” software exists in my appliance or it’s CD or not? Should I download it?
When my client wants to download the software by clicking on “download Clean Access Agent 4.8.2” button this error appears “Failed to download (states=-2)”. I guess I should upload the software first but I don’t know how or where it is?
View 1 Replies
View Related
Feb 9, 2011
We have NAC 4.0.5 and windows active directory domain the clients log on to the client to access the network with their domain credentials and they used to get the "Certificate is issued from an untrusted." until I installed the url.. certificate to the local certificate store.
I seem to have done something on the NAC manager that messed up something, cause now the client considers the certificate issued from a trusted source, BUT a warning stating that the name on the certificate does not match the name.
View 1 Replies
View Related
Jul 17, 2012
We having difficulties with installing remote agent on windows 2008 R2 64-bit server and got the attached error.
Our ACS is 4.2.0.124 and remote agents we tried are :Remote-Agent-ACSse-win-v4.2.1.15-K9.zip and Acs-4.2.1.15.9-RA.zip.
[code]...
View 3 Replies
View Related
Jun 7, 2011
The problem is that i had configured the ACS appliance with a remote agent to Integrate with Microsoft active directory and I installed that agent on one of our domain controls and it is working fine.
When I installed another agent on anther domain control and add it to the ACS server it appear that the remote authentication service is working on it but when try to make the new agent the primary and the old one the secondary from External database configuration all the domain users authenticated but only to one group which configured in Unknown User Policy.It appeared like it can't read any more groups from active directory.
View 2 Replies
View Related
May 4, 2011
I'm working with a 1113 ACS device running the 4.2.0.124 software. I'm trying to get multiple network device groups to use an existing Remote Agent set up for authentication against our Windows domain. For instance, we want our infrastructure switches to authenticate agains the local Active Directory and our WLC to authenticate users agains the same Active Directory. When I try and set both network device groups to use the same remote agent, it fails and reports either the host name is already in use or the IP address overlaps with an existing remote agent.
The question is:
Can I have multiple network device groups use the same remote agent? Or do I have to install the remote agent software on separate Windows servers in order to have different types of devices authenticate against the Windows AD?
View 1 Replies
View Related
Jun 11, 2011
I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). [code]
View 3 Replies
View Related
Mar 2, 2011
properly patching and/or cleaning the ACS version listed in the title.
First off - what does the Cleaning utility do?
Second - I have obtained the two following files:
ACS-4.2.0.124.17-SW
ACS-4.2.0.124.16-Clean
Can these both be used to correct a problem we have with our current installation?
View 2 Replies
View Related
Mar 18, 2013
We have ACS 4.2.0.124 runnning with remote agent installed on win 2003/32 bit ent server. Now we are facing issue like logs (daily backup) from ACS to the Remote Agent is not happening properly. We usually get logs around 1 MB everyday in remote agent but sometimes we are getting 1 KB continuosly untill the services to be restarted in ACS manually.
View 9 Replies
View Related
Dec 27, 2012
I have created a NAC Agent Customization Package and sucsesfully uploaded the 'custom.zip' file to - Policy>Policy Elements>Results>ClientProvisioning>Resources.
However, when I try to edit my Client Provisioning Policy and select AgentCustomizationPackage, my custom package dosn't appear on the drop down list, so i'm unable to select it!
View 4 Replies
View Related
Jul 30, 2012
We have a working L2 OOB VG deployment. The NAC agent pops up then says it has granted full access. The issue is about 45 seconds later it pops again then says it has granted full netowrk access. Then it does it again...etc.... The CAM thinks things are fine as it just keeps adding the user to the OUL.
View 4 Replies
View Related
Mar 20, 2012
Presently we are upgrading the existing domain controller to Windows Server 2008, R2 Standard Edition.
I'm bit confound with the information available for the upgrade scenarios. Listed out the present working versions.
Cisco ACS SE - Release 4.1(1) Build 23 Patch 5
Cisco ACS Remote Agent version 4.2(0.124)
As the new operating system is going to work on 64 Bits, I think the existing ACE SE and remote agent may/should be upgraded.
Based on my existing versions, provide the possible upgrade scenarios available for me.After upgrading SE and Remote Agent should be working for 64 bit OS.
View 6 Replies
View Related
Jun 24, 2012
I have two ISE appliances installed in a distributed deployment (primary "ISE1" and secondary "ISE2"), each node has the three personas installed on it. The servers are registered together and the replication is working properly between the nodes.When we are working on the first node everything is fine, if I try to disconnect ISE1 and do my tests on ISE2, the cisco NAC agent doesn't popup, unless I uninstall it and reinstall it again from the ISE2. Then it will work properly.
View 31 Replies
View Related
May 13, 2013
its been a while since I configured a Cisco firewall (PIX 6.0, SDM) - I've now been thrown in the deep end with a pair of 5525-X's (Latest Software) and I need to achieve the belowWebsense integration (Got this working)AAA Authentication for various outbound traffic routes.I'm using ASDM as I'm more comfortable with the GUI than CLI (I'm the other way round with switches!!!), I have AD Agent configured but the ASA isn't doing anything based on User Name but I have a few other things to try. What I'm trying to achieve now is ignoring certain user names from being matched to IP Addresses as I believe that this may have something to do with it.We use Sophos AV and each PC requires a Service Account to run Sophos under. Each update that Sophos attempts is seen as a login and that is the user attached to the IP Address of the machine. Within Websense, it can be told to ignore certain users for purposes of filtering and reporting etc.. but I dont seem to be able to do this with the AD Agent.
View 3 Replies
View Related
May 7, 2012
I have been doing a bit of reading on the ACS 4.2 remote agent compatibility with Windows 2008 R2, and it seems like the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and if I install the Remote agent on a Windows 2003 member server instead of the 2008 R2 DC.
View 3 Replies
View Related
Jul 17, 2011
it's possible to install ACS Remote Agent 4.2.1 on VMWare server. Is it supported by Cisco?Do you have any experience with running the remote agent on VMWare servers?
View 2 Replies
View Related
Mar 3, 2012
I'm somewhat new to ACS and am trying to complete a migration from 4 to 5.3.Currently, I've got ACS joined to my (2003) domain, and it shows status connected (although the test connect fails). I have aaa working without issue for TACACS, but all RADIUS authentication is currently failing. Logs show the message below: "24401 could not establish connection with acs active directory agent"I'm not seeing anything telling in the logs on the domain controllers.
View 1 Replies
View Related
May 2, 2013
ACS 4.2 and remote agent was working properly two months before. But in past two months we are facing weird issue in RA server.For Somedays we are missing logs from both ACS and RA server. Once we notice this we use to restart the services in ACS to give workaround. But due to this we loose our daily logs intermittently and facing risk in without having logs.This is not like communication between ACS and RA is not at all happening. It happens properly for a week or month, but again it is going bad without any config change. CSAgent.ini file is properly configured.Full version is 4.2.1.15 and patch is 10 in acs and ra.ACS and Remote Agent Major and Patch version are same.
View 5 Replies
View Related
Apr 28, 2012
installing the Cisco NAC agent through the Active Directory Group Policy. (Windows 2008 R2)Currently Cisco NAC CAS servers has been installed, configured and the switches are added. But the ports are not active. Currently users are not passing through the NAC. When the ports are active and the users trying to access the network, the browser will ask the users to install the Cisco NAC Agent.I need t by pass this by installing the Cisco NAC agent through the active directory Group Policy. How to install the Cisco NAC agent (4.9.1) to all the users in the Network (Windows XP / 7 )through Active Directory so that the users will not know that the Cisco NAC agent has been installed in their computers. By this way the users need not install the Cisco NAC agent through the Web browser and will just login their user name and password and get into the network.
View 1 Replies
View Related
Apr 16, 2012
I've just installed a clean Windows 7 Ultimate on a brand new Acer Aspire 5750.The lan nor wireless didn't work out of the box. After installing the Gigabit lan drivers it found the network card But it can't find the wireless. When I try to install the Wireless drivers from: [url]It's the Atheros card I have. So when I try to install the Wireless Lan Atheros drivers it sais:"The device doesn't exist. Please plug the device back in and try again" What do I do now? It's a laptop, I can't exactly remove the network card.
View 1 Replies
View Related
Jul 9, 2012
I want to configure ad agent on windows server 2008 R2 SP1 with all need patch installed.When i try to connect to DC with adacfg dc list, status is UP. Log ADOBserver's don't show any errors. But when try to do command "adacfg cache list", result - empty. In what may be the problem? Perhaps it is related to the language of the OS?
View 4 Replies
View Related
Jul 14, 2010
getting the iPad to work with Clean Access? Currently running v4.7.2 NAC.
View 6 Replies
View Related
Jan 30, 2011
We have 6 brnaches configured with NAC Module in Cisco 2821 ISR router. The WAN link being used to connect all the branch to the HQ CAM is via WIMEX wireless Broadband. The bandwidth is 2MB.OOBVG is the mode used. All branches were working well last 1 year. Last month it is suddently disconnected from the CAM.I opened the TAC. Cisco history of TAC experience, We have total 6 TAC enginners tried one by one still the problem not resolved. The following are the findings
1. Timing is accurate between CAS-CAM
2. Shared secret key correct
3. SSL temp certificate ok also image being used it 4.6.1.
4.Tcpdump from both CAM and shows some initial packet drops of 10 sec with the below CAM log
I believe that NAC is not a matured products and the problem like this even by Cisco TAC can not solve.
View 1 Replies
View Related
Dec 13, 2011
network access protection agent service is not running
View 1 Replies
View Related
Nov 4, 2012
We have some users who use AnyConnect regularly; the tunnel is terminated on a 5520 ASA. The tunnel group is currently set up to send RADIUS aaa requests to the ACS server, which in turn is set up to query Active Directory. This is working perfectly for all AnyConnect users except for one person. authentication worked fine for this person as well before we switched from an old Steel Belted Radius server that used to be doing the same thing basically, it handled the RADIUS requests but did a look up into Active Directory. So that part of it has not changed. So now when this user tries to log in he gets these the Windows event logs.
Date : 11/02/2012
Time : 21:13:39
Type : Information
[code].....
I've looked though the ASA configuration and it is using a valid certificate and everything, signed by GoDaddy etc…. It won’t' let me look at the certificate authority configuration because it says it can't be configured when in a failover pair. I don't really think the problem is at the ASA at this point, because all other users are authenticating correctly. (And so was this user before switching to ACS)Also in the ACS logs it says the user used the wrong password and that is why authentication is failing, but they are using the correct password. So now I am looking into issues with the users account in particular. Something that I think may be worth noting is that this user has a very large access token (one of the largest in the entire organization) belonging to over 98 groups (not including all the sub groups). I'm wondering if having a very large access token could be throwing ACS off for some reason.
View 3 Replies
View Related
Feb 27, 2012
configuring DHCP on access point, i have cisco 1142N access point, in my network.. working in autonomous mode, i have assigned a static ip to access point with default gateway.. from AP i'm able to reach internet and user connecting to access point are not able to get ip.. i have DHCP server in my network. how to make access point to fetch ip from my dhcp server and assign the saem to client.
View 10 Replies
View Related
Apr 14, 2011
I have ACS 5.2 running as a VM. I'm AD, then local authentication successfully for device access, but I want to define ACS user groups to restrict login. I don;t see any way to do this. If I use AD groups, they don;t show up as selection options on the policy screens, just the ACS locallyy defined groups.
View 1 Replies
View Related
Nov 8, 2010
Just upgraded our WCS server to the 7.x code over the weekend. Turned up the first 3500 series AP's today. The AP's have been up for about an hour. I am seeing the Air Quality graphs on WCS. On the Worst 802.11a/n and 802.11b/g/n Interferers windows, I am see a WCS System Error Page message but only in those windows. I have gone over the documentation and dont see that I need to enable anything else on WCS.
View 10 Replies
View Related
Aug 16, 2011
For a Campus setup (University), if I deploy 1142 AP's on all the floors with a WLC controlling them, and put one 3500 AP on each floor, will that give sufficient Clean Air support with automatic Rogue elimination? What about if an AP drops, does the WLC automatically try to cover that area with neighboring AP's? I know the old WLSE would be able to do that, but not sure if the WLC can do that by itself. What part of Self Healing can the WLC do with Clean Air, or is a WCS a must have in order to automatically Defend and self heal? Also is the MSE needed for this if a WCS is used? What does the MSE do that the WLC and WCS can't?
View 4 Replies
View Related
Apr 25, 2013
we have this:1x wlc 5508 7.2.1031x cisco prime infrasture physical appliance 1.2And for test of clean air 1x ap 3600 seriesBut i have a question if i would like see bluetooth device in neighborhood. On the cisco web i founded 3355 or virtual appliance.
View 1 Replies
View Related
Mar 5, 2012
Hard drive is getting full on LMS 3.2 The only thing this server is running is LMS and Wireshark. What is safe to delete to free up space. Or is there a setting to purge the database so that old data isn't kept for so long.
View 1 Replies
View Related
Jan 16, 2012
In the past both of my Dell Laptops running Windows 7 via a router and belonging to HOMEGROUP, have been able to share files back and forth - with the ability to read/write. All of a sudden, one of the laptops (call it #1) was not able to find the shared files of the other laptop (call it #2.) However it worked the other way (#2 could find #1). I did all kinds of research, checked they both still belonged to the Homegroup, sharing was "on", discover network was "on", permissions were "full", etc.
I couldn't get anything to work - when I saw a suggestion that I sign off the Homegroup on both computers, set up a new Homegroup, and try again. I did this and still didn't have any luck - then decided to reboot both laptops.now I have sharing between both computers. BUT - on Computer #1 - the shared folders are like doubled. I have 4 libraries that are shared - Documents, Music, Video, Pictures, and the listed are all the 6 folders that I made sure were set to sharing - but Documents, Pictures, Music, are duplicates of the "library". I'm afraid to change any settings for fear that I'll lose what I finally gained. So my questions is - how can I clean this up so libraries and individual folders are not both shown?
View 1 Replies
View Related
Apr 16, 2012
Is there a way to wipe a 515e clean and get ride of the Failover Only license and just have a basic licesne loaded? I got this off of ebay and I guess I missed where it said Failover Only, and I would really like to use it.
View 2 Replies
View Related
