Clean Access Manager Update

I want to update my 3310 CAM usiing proxy server is it possible to use proxy IP address insteadof using the hostname. I tried IP address many times but it doesn't work.

You'll have to delve in the database and empty out the license table. This is completely out of realm of support for CCA though, so I can't post an unsupported procedure on NetPro forums.
I can tell you though that the underlying database is postgres, the database name is controlsmartdb, and the table you're looking for is flexlm_licenses; If you do empty out the licenses table, be ready to install all your CAS and CAM licenses on it again.
I would have advised opening a TAC case, but TAC will refuse support to you since you're running your environment on virtual hardware, which is unsupported through and through.

Similar Messages

  • Plse...help me on the communicating between CLEAN ACCESS MANAGER and Switch 3560E-24Ps by snmp

    Dear All,
    I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). Plse give me any suggestion to solve that problem. All configuration is as below:

    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/412_cam_book.html

  • Network Error: Clean Access Server could not establish a secure connection to Clean Access Manager

    Hello everyone
    I am implementing a failover solution of NAC in OOB VG version 4.8, I have 2 CAS and 2 CAM.
    The Error I am getting is when I connect to both IP address and the FQDN of the CAS.
    ===========
    Network Error:
    Clean Access Server could not establish a secure connection to Clean Access Manager at camsrv3.cadivi.gob.ve.
    This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
    Please report this to your network administrator.
    ==========
    For the CAM's I use this names camsrv1 and camsrv2. then generate a CSR in the camsrv1 with the name camsrv3.mycompany.com corresponding  to virtual ip and it exported to camsrv2, Install the CA certificate of the company and everything works perfect.
    This is the failover configuration
    CAM:
    Primary:     10.1.206.248 camsrv1.mycompany.com
    Secondary: 10.1.206.249 camsrv2.mycompany.com
    Virtual:       10.1.206.250 camsrv3.mycompany.com
    Then I do exactly the same steps for the CAS's and this is the failover configuration:
    Primary:     10.1.216.248 cassrv1.mycompany.com
    Secondary: 10.1.216.249 cassrv2.mycompany.com
    Virtual:       10.1.216.250 cassrv3.mycompany.com
    Then I add the certificate of CAM in the CAS on the tab "Trusted Certificate Authorities"  and vice versa.
    The communication between all the CAM´s and CAS´s is correct (Primary, Secondary and Virtual). I can ping the IP and the FQDN and I can also manage the CAS through the CAM.
    I verify that the time was right in the CAM and the CAS and all good up there.
    Appreciate your help
    Eduardo Navas

    Eduardo,
    Bump up the CAS/CAS communications logging on both the CAS and CAMs, and then look in the log files for clues.
    On CAM they live in /perfigo/control/tomcat/logs and on CAS in /perfigo/access/tomcat/logs
    HTH,
    Faisal
    If you find this post helpful, please rate so others can find the answer easily

  • Cisco Clean Access Manager is a software or hardware?

    HI,all
    Cisco Clean Access Manager is a software integratedin the Cisco Clean Access Server or a single hardware device?
    Nac is new to me.I cann't open the NAC flash demo,so anyone can provider me with the NAC appliance and NAC Framework deployed toplogy?Thank you.
    Respects!
    MinQuant

    Hi,
    This is an appliance ... so i'ts hardware
    Look here for more information on the subject:
    http://www.cisco.com/en/US/products/ps6128/products_qanda_item0900aecd803be813.shtml
    If you find this post usefull
    please don't forget to rate this
    #Iwan Hoogendoorn

  • VZ Access manager update and VPN

    usb551l and Cisco VPN client
    the update appears to have affected our Cisco VPN client. The client connects but doesn't pass any traffic. The only difference I can see is the new VZAM has an IPv6 address. I unchecked it from network properties but that didn't help. Anyone experiencing this ? 

    I think that's a Verizon Wireless application? http://www.vzam.net/  That page indicates that it works with Windows 7...
    For a list of FiOS stuff that is or isn't compatible with Windows 7, check out http://www.verizon.com/windows7support

  • Cisco Clean Access Update Website and Firewall Port Required

    Hi,
    I was wondering if anyone may know the website the clean access manager would be using to upate as well as the firewall port required. This is due to a firewall in place. Based on some reading, not sure if it uses other website besides the following http://www.perfigo.com/clean_machine_1/version-se.txt on port 80.
    Thanks.

    Hi,
    For CAM checks and rules update, that's the only site required.
    HTH,
    Faisal
    If you find this post helpful, please rate so others can find the answer easily

  • Cisco NAC Clean access update

    Hi,
    I am trying to deploy nac but for updating the Clean access av/as update i am not able to get the updated signatures and update the NAM.
    is there any way i can force it manaually or wget and get the package for the same?
    Please help
    Thanks,

    Please have a look at the following link:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_admin.html#wp1078189
    On the CAM interface, you can export the current certificate and see its validity:
    Administration > Clean Access Manager >> SSL > X509 Certificate >> Select Cert and hit 'Export'
    Please rate if you find the input helpful
    Regards
    Farrukh

  • Clean access rules and Windows service pack 3

    I am having a small issue with our Clean Access Manager blocking any Windows XP computer that has service pack 3 installed. The main failure it is giving in the reports is this
    Failed Checks:
    pc_Windows-XP-SP2, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 2]
    pc_Windows-XP-SP1, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 1]
    The key that is there when sp3 is installed is this:
    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 3
    I have verified that pc_Windows-XP-SP1 and pc_Windows-XP-SP2 are there as well as created a check for service pack 3 eric_pc_Windows-XP-SP3 and added the check to the rules governing windows updates for XP pro/home and windows media edition. But for some reason they are not taking effect. The CAM is running version 4.1.3.1 and the the CAA is version 4.1.3.2. Any assistance would be greatly appreciated.
    Thank you,
    Eric

    Here is the configuration guide for the Clean Access Manager which will help you :
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_instal.html

  • Clean Access Agent MSI

    Does anyone know the msi commands to remove the shortcut on the desktop and not display the agent on the task bar?
    Thanks

    The Clean Access Agent provides local-machine agent-based vulnerability assessment and remediation for Windows clients. Users download and install the Clean Access Agent (read-only client software), which can check the host registry, processes, applications, and services. The Clean Access Agent can be used to perform antivirus or antispyware definition updates, distribute files uploaded to the Clean Access Manager, distribute website links to websites in order for users to download files to fix their systems, or simply distribute information/instructions.
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/m_agntd.html#wp1222379

  • Message:The Link that you requested is not present on this Clean Access Sys

    Hello:
    Someone have seen this message:
    The link that you requested is not present on this Clean Access System, if you reached this page by following a link from the user interface of the clean access Manager or Server,then please report this as a bug.
    We receive it with NAM 4.1.3 after Web Agent scan and authorizes users to login on the network.
    But the users appears on temporary role!

    Better solution is update the bookmarks, If the CAS was recently upgraded, then close and re-open the browser window and load CAS admin URL and try again you will not get any error message.

  • Clean Access Server could not establish a secure connection

    I have a OOB Real IP GW setup on v4.1.2
    I seem to have a problem with the CAS connecting to the CAM although I have added the CAS to the CAM and can manage the CAS from the CAM.
    I noticed while troubleshooting client authentication that the client was not being redirected to the logon web page and it had full access to the trusted network from the untrusted authentication vlan. I eventually figured out that if I change the CAS Filter Fallback method from Allow to ignore then it tries to authenticate the client. However the fact that the fallback is activated tells you that something is not right.
    I have 2 problems:
    A) The clients web page is redirected for authentication but it only lists the domain name in the URL and not the hostname or host IP. In the lab I do not have a DNS server and it would not help as it does not include the hostname in the URL anyway. How do I fix this or perhaps it's related to the 2nd problem.
    B) When I manually change the URL by replacing the domain name with the IP of the CAS (untrusted OOB Real IP GW) then I get the following error message when logging on:
    Network Error:
    Clean Access Server could not establish a secure connection to Clean Access Manager at mydomain.com.
    This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
    Please report this to your network administrator.
    I would guess the culprit is No 2 but surely the system can run on self signed certificates? I have an NTP server so time is in sync. I have even tried regenerating the cetificates on the CAM
    & CAS.
    Any ideas?

    To overcome problem B, I regenerated the SSL Certificates using the host IP address instead of the name for all the CAM & CAS appliances. This seems to have resolved this problem.
    I also SSH'd from each of the CAS's to each of the CAM's from the CLI and it then prompts to permanently store the certificates. I'm not sure it this was necessary though.

  • Confusion on Cisco clean access and Cisco NAC

    Dear Pros,
    I still confuse with the name mismatch as above. Please any one give me the correct NAC part number for both server and manager
    swamy

    Cisco Clean Access and NAC are the same.
    NAC is just the new naming.
    You can have NAC installed in two way, Framework or Appliance mode.
    I think Framework is not available anymore (I may be wrong).
    If you go with the appliance, you'll need a minimum of two. 1 for the CAM (Clean Access Manager) which manages the policies and 1 for the CAS (Clean Access Server) that is the "filter" between your authentication lan and your prod network.
    Dominic

  • NAC/Clean Access Server no longer intercepting Clients after upgrade

    We recently upgraded our CISCO Clean Access Manager and Server to version 4.8.2 from 4.8.0.  Everything seemed to be working fine but I had a user log in without having the NAC Agent running and they had full access.  We didn't change anything other than upgrading to the new version.  We have found that the user has access even before the Windows Agent is completed with the assessement of the client.  It worked fine before the upgrade....Again, we made no changes other than upgrading to the new version (no route changes, etc).
    I even tried an explicit deny for the user's workstation's mac and the NAC SErver still let him through....I am a bit perplexed...Thanks for any assistance.

    Hmm, i removed the line but it does not help me ?
    I did run following command in terminal:
    sudo pico /Library/Server/Mail/Config/postfix/main.cf
    Removed the "reject_non_fqdn_helo_hostname" from the line smtpd_helo_restrictions.
    Saved the file and restarted Mail service
    get this in  log when i try to send from a windows client with Outlook2010:
    Aug 15 17:42:09 lundmark.jetoma.se log[236]: auth: Error: od(annicalundmark,192.168.20.103): Authentication server failed to complete the requested operation.
    Aug 15 17:42:09 lundmark.jetoma.se log[236]: auth: Error: od(annicalundmark,192.168.20.103): authentication failed for user=annicalundmark, method=DIGEST-MD5
    Have tryed different ports like 25 and 587 with SSL, TLS and "none" in SMTP advanced settings on klient.
    I did use the same instructions before in Lion server and there it did work ?!
    Any more ideas ?
    regards
    Jörgen

  • Clean access agent 4.9 admin right

    Does clean access agent update from 4.8 to 4.9 need admin rights to update on the client machine?

    You need to talk to Cisco, it's their software, perhaps there is a update.

  • Cisco Clean Access OOB with virtual gateway

    I have set the clean access OOB virtual gateway mode, i put managed subnet one of unused ip with unauthenticated vlan,some of the pc running with dhcp so i put ip refresh after successful authentication (this working fine), but some of them running with static so i cannot refresh the ip address,
    after authentication through clean access clean access manager changing Unautheticated vlan(44) authenticated vlan (4), but i can't access internet and any other application through network (even with static ip and dhcp (if i put refresh dhcp ip i can) ), in pc arp cache i can see the orginal gateway mac address if i clear the arp cache with arp -d command the moment it start working how can solve this issue please help me guys
    thank you

    This document describes how to configure the syslog settings in order to log the events to an external server in the Cisco Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access (CA).
    http://www.cisco.com/en/US/products/ps6128/products_tech_note09186a008085d6e9.shtml

Maybe you are looking for

  • Getting rgb values from BufferedImage

    BufferedImage.getRGB(int x, int y) returns the colour of an image pixel as an integer. My problem is that i need the seperate red/blue/green components of this. Does anyone know how I can get these? Thanks.

  • Photoshop album starter edition 3.2

    Can anyone help me retreive my pictures from photoshop album starter edition 3.2 I have picutres on there of people who are no longer here

  • Should I bother with the Adobe Lens Profile Creator?

    I am concentrating mostly on architectural photography these days and I need a pep talk about the "Adobe Lens Profile Creator". The process seems laborious and error prone -  in other words it could end up being a waste of time and money (for the pri

  • LMS 4.2.4 intermittent Syslog issue

    Hi All, syslogs services on the LMS stops all of a sudden and doesn't reflect the current logs from the devices till we restart services. Performed below steps -> Found the device logs are making its way to syslog.log file(CSCOpx>logs) -> SyslogColle

  • Can't access latest version!

    I cannot open my current photo library using my iPhoto 7.1.5( orig.version). There was a latest version that was downloaded(I don't know what version it is) . I can't retrieve it to open my library. What do I need to do(options!) and how can I do it?