NAC Clientless problem task 5.6

I have the same problem on http://ieoc.com/forums/t/2333.aspx but I don't see any response from instructors.

I checked service on CTA client and listen on UDP 21862, but ASA can't query information

 

ASA1(config)# SHOW VPN-sessiondb REmote

Session Type: Remote

Username : IPSECUSER
Index : 1
Assigned IP : 10.105.105.1 Public IP : 174.1.255.200
Protocol : IPSec Encryption : 3DES
Hashing : MD5
Bytes Tx : 144 Bytes Rx : 2050
Client Type : WinNT Client Ver : 5.0.02.0090
Group Policy : GROUP_POLICY
Tunnel Group : IPSECGROUP
Login Time : 16:38:23 UTC Mon Mar 24 2008
Duration : 0h:00m:12s
Filter Name : EAPoUDP
NAC Result : Holdoff <========
Posture Token:

Configuration looks suitable on the ASA, and have confirmed on the ACS that authentication is successfully passing:

ASA1(config)# show run tunnel-g
tunnel-group IPSECGROUP type ipsec-ra
tunnel-group IPSECGROUP general-attributes
address-pool MYPOOL
authentication-server-group RADIUS
default-group-policy GROUP_POLICY
nac-authentication-server-group RADIUS
tunnel-group IPSECGROUP ipsec-attributes
pre-shared-key *

ASA1(config)# show run group-po
group-policy GROUP_POLICY internal
group-policy GROUP_POLICY attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT_TUNNEL
nac enable
nac-default-acl value EAPoUDP
vpn-nac-exempt os Linux
vpn-nac-exempt os "Windows 98" filter WINDOWS98
group-policy EzVPN internal



Debugs on the ASA just show me:

ASA1(config)# NAC default acl EAPoUDP applied - 10.105.105.1
NAC clientless Access Request successful - 10.105.105.1
NAC Clientless Access Reject - 10.105.105.1
NAC default acl EAPoUDP applied - 10.105.105.1

Comments

Sign In or Register to comment.