NAC Clientless problem task 5.6

I have the same problem on but I don't see any response from instructors.

I checked service on CTA client and listen on UDP 21862, but ASA can't query information


ASA1(config)# SHOW VPN-sessiondb REmote

Session Type: Remote

Username : IPSECUSER
Index : 1
Assigned IP : Public IP :
Protocol : IPSec Encryption : 3DES
Hashing : MD5
Bytes Tx : 144 Bytes Rx : 2050
Client Type : WinNT Client Ver :
Group Policy : GROUP_POLICY
Tunnel Group : IPSECGROUP
Login Time : 16:38:23 UTC Mon Mar 24 2008
Duration : 0h:00m:12s
Filter Name : EAPoUDP
NAC Result : Holdoff <========
Posture Token:

Configuration looks suitable on the ASA, and have confirmed on the ACS that authentication is successfully passing:

ASA1(config)# show run tunnel-g
tunnel-group IPSECGROUP type ipsec-ra
tunnel-group IPSECGROUP general-attributes
address-pool MYPOOL
authentication-server-group RADIUS
default-group-policy GROUP_POLICY
nac-authentication-server-group RADIUS
tunnel-group IPSECGROUP ipsec-attributes
pre-shared-key *

ASA1(config)# show run group-po
group-policy GROUP_POLICY internal
group-policy GROUP_POLICY attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT_TUNNEL
nac enable
nac-default-acl value EAPoUDP
vpn-nac-exempt os Linux
vpn-nac-exempt os "Windows 98" filter WINDOWS98
group-policy EzVPN internal

Debugs on the ASA just show me:

ASA1(config)# NAC default acl EAPoUDP applied -
NAC clientless Access Request successful -
NAC Clientless Access Reject -
NAC default acl EAPoUDP applied -


Sign In or Register to comment.