Clean Acess Agent don't popup

hello
I use NAC for remote vpn conexion.
I don't have any problem with vpn.
I have the following problem:
when the response time from the client vpn (after that it connected to the vpn server) to CAS clean access server is greater than 600ms, the clean access agent don't popup but when it is lower than that (for exemple 150ms) the clean access agent popup.
are there any option to resolve this problem?
thank you for your help.

hello
I use:
Windows Clean Access Agent 
      Setup Version: 4.1.3.1
also the Clean Access Server has the same version 4.1.3.1

Similar Messages

  • Clean Access Agent can't popup

    Hi, we setup a CAS and CAM in L2 OOB virtuil gateway and the switch is a 3560 using SVI and L3 for routing. We can authenticate using web agent but there is a problem when using a Clean Access agent. I have configured the discovery host using the ip address of the CAM but the login doesn't popup. I changed the discovery host of the ip of the server and tried reinstalling the access agent but login doesn't popup. Do I need to reboot the server when i changed the ip of the discovery host?What do i need to configure on the CAM or CAS?

    For L2 or L3 deployments, the Clean Access Agent will pop up on the client if "Popup Login Window" is enabled on the Agent and the Agent detects it is behind the Clean Access Server. If the Agent does not pop up, this indicates it cannot reach the CAS.
    To Troubleshoot L2 Deployments:
    1. Make sure the client machine can get a correct IP address. Open a command tool (Start > Run > cmd) and type ipfconfig or ipconfig /all to check the client IP address information.
    2. If necessary, type ipconfig /release, then ipconfig /renew to reset the DHCP lease for the client.
    To Troubleshoot L3 Deployments:
    1. Check whether the Discovery Host field is set to the IP address of the CAM itself under Device Management > Clean Access > Clean Access Agent > Installation | Discovery Host. This field must be the address of a device on the trusted side and cannot be the address of the CAS.
    2. Uninstall the Clean Access Agent on the client.
    3. Change the Discovery Host field to the IP address of the CAM and click Update.
    4. Reboot the CAS.
    5. Re-download and re-install the Clean Access Agent on the client.
    Note The Login option on the Clean Access Agent is correctly disabled (greyed out) in the following cases:
    •For OOB deployments, the Agent user is already logged in through the CAS and the client port is on the Access VLAN.
    •For multi-hop L3 deployments, Single Sign-On (SSO) has been enabled and the user has already authenticated through the VPN concentrator (therefore is already automatically logged into Cisco NAC Appliance).
    •MAC address-based authentication is configured for the machine of this user and therefore no user login is required.

  • NAC agent don't popup on some computer

    Hi
    I use
    ISE version : 1.1.1.2 and NAC agent version : 4.9.0.42
    NAC agent  does not run on some computers and run on other(windows 7).
    What can be these problems?
    Please help
    Regards

    Please look in to this , it might help you
    Agent Login Dialog Not Appearing
    Symptoms or Issue
    The agent login dialog box does not appear to the user following client provisioning.
    Conditions
    This issue can generally take place during the posture assessment phase of any user authentication session.
    Possible Causes
    There are multiple possible causes for this type of issue. See the following Resolution descriptions for details.
    Resolution
    •Ensure that the agent is running on the client machine.
    •Ensure that the Cisco IOS release on the switch is equal to or more recent than Cisco IOS Release 12.2.(53)SE.
    •Ensure  that the discovery host address on the Cisco NAC agent or Mac OS X  agent is pointing to the Cisco ISE FQDN. (Right-click the NAC agent icon, choose Properties, and check the discovery host.)
    •Ensure  that the access switch allows Swiss communication between Cisco ISE and  the end client machine. Limited access ACL applied for the session  should allow Swiss ports:
    remark Allow DHCP
    permit udp any eq bootpc any eq bootps
    remark Allow DNS
    permit udp any any eq domain
    remark ping
    permit icmp any any
    permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
    permit tcp any host 80.0.80.2 eq www --> Provides access to internet
    permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
    port
    permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
    communication between NAC agent and ISE (Swiss ports)
    permit udp any host 80.0.80.2 eq 8905 --> This is for posture
    communication between NAC agent and ISE (Swiss ports)
    deny ip any any
    •If  the agent login dialog still does not appear, it could be a certificate  issue. Ensure that the certificate that is used for Swiss communication  on the end client is in the Cisco ISE certificate trusted list.
    •Ensure that the default gateway is reachable from the client machine.

  • Clean and get rid of popups and adware in mackbook pro,OSX 10.9.5

    clean and get rid of popups andadware in MacBook Pro, OS X 10.9.5

    Click here and follow the instructions, or if there’s a type of adware not covered by them on the computer, these ones. If you're willing to use a tool to remove it(you don't need to, but may find it easier), you can instead run Adware Medic; this link is a direct download.
    (120361)

  • Clean Access Agent in Windows 8, 64 bit

    Hey guys,
    I posted this on another Cisco community site, someone there suggested I try here. He also gave me this page as a possible solution but I'm unable to download from the page as I don't have a service contract, I'm just a Dad trying to get his kid's computer online at school.
    http://www.cisco.com/cisco/software/release.html?mdfid=282855549&flowid=34712&softwareid=282573326&release=4.8.3&relind=AVAILABLE&rellifecycle=&reltype
    Kind of at our wit's end here. My daughter is at Mass Art in Boston with a nearly new computer (6 months old at most) with Windows 8 Pro and the Clean Access Agent isn't letting her connect saying she has no updated AV installed. However, we did have BitDefender installed and updated and I've seen BitDefender on a Cisco list on line somewhere, the tech department at the school also said that it should work. Thinking there might be a conflict with BitDefender and Windows Defender we uninstalled BitDefender but to no avail, the agent still won't allow access.
    Now the tech dept. at the school is telling her she has to reformat her hard drive (Ha!!) which is simply and completely unacceptable.
    Does anyone here know if the above link may solve our problem?
    Can someone send me the necessary files?
    Is there someone the school tech people can contact for this?
    Am I asking enough annoying questions?
    Many thanks for your time,
    Ken

    Hello Ajay,
    When I try to download either the "4.8.3 Patch for Windows 8 support" or the "4.8.3 Patch for Windows 8 Official support" it says I need a service contract. Which, of course, I don't have. I'm just a Dad trying to get his kids computer connected to the school's network!
    Do you know what the difference is between the "4.8.3 Patch for Windows 8 support" and the "4.8.3 Patch for Windows 8 Official support" downloads?
    Might you be able to email me what I need to [email protected]?
    I don't know how all of this works between the school and Cisco but if you can't send it to me might it be something the tech support people at the school can download? I would have to guess they do, indeed, have a service contract.
    Thanks again,
    Ken

  • Nac agent delayed befor popup

    Dear ,
    i install nac system and working fine, but when the user loging in , the agent delay about 10 minutes before popup to the user, i don't know why the agent don't appear immedaitly after the pc finish startup.

    I only use OOB configurations, so I haven't tested IB configurations. However, you may see some issues in both configurations since the agent needs send user/PC information to the CAM.
    In our setup, the fact that the agent doesn't load until after the desktop comes up has produced a delay in total login time that can reach 20 minutes (I've timed it), depending on the situation. I haven't yet been able to determine what MSoft is trying talk to that it can't (the delay is waiting for a bunch of things to time out).
    Now, if the desktop is loaded and all user programs are running and it still takes 10 minutes for the popup, then the issue is probably with the discovery host (or lack of one) as you have been discussing with Faisal.

  • Nac appliance - clean access agent report

    Hi,
    I have been searching a lot, and I don't find any good explanation about how the clean access agent report works. I experienced that not all agent activity will be reported. Sometimes it showed up report about the "passed" and "failed" agent, but not at another time. Would someone give me explanation about when the agent will show up reports and it will not ? or did it show bugs ?
    Thanks in advance.

    Hi,
    does anybody experience this ? or Everything is going fine on your NAC ? I am using NAC 4.1.3.1.
    Thanks.

  • Clean Access Agent not loading automatically

    We have a SSL VPN environment that is directly dependent on our CAS, the Clean Acces Agent does not automatically load at our end users.  A need to browse or create traffic must be done for this Agent to load and then scan.  Would you know any issue for this to happen?

    Hello,
    Are you saying that the agent is installed, but it doesn't pop-up when you do VPN? If so, check the discovery host and make sure it has an IP address listed which lives on your trusted network. For most customers the CAM always is on the trusted network, so using the IP of the CAM should work.
    HTH,
    Faisal

  • Clean Access Agent error

    Hi there
    I don't know why, every time I try to log on to Clean Access agent I get this error message. (see attached doc.) It prevents me from logging on. Then I have to remove the program, turn off the pc. Turn on the pc again to reinstall the program for it to works.
    can anyone help?
    many thanks
    paul

    What version are you running of CCA Agent and NAC Appliance Server ?
    This is not normal behaviour so can you try to disable AV, Firewall etc and try running the Agent Again.
    The Agent will poll every 5 secs to discover the CAS, using the Discovery Host which will either be an IP or hostname. If it is a hostname make sure it is resolvable.
    Inti

  • NAC agent failing to popup

                       Dears,
    I have two ISE appliances installed in a distributed deployment (primary "ISE1" and secondary "ISE2"), each node has the three personas installed on it. The servers are registered together and the replication is working properly between the nodes.
    When we are working on the first node everything is fine, if I try to disconnect ISE1 and do my tests on ISE2, the cisco NAC agent doesn't popup, unless I uninstall it and reinstall it again from the ISE2. Then it will work properly.
    Note: the NAC agent version is the following: nacagent-4.9.0.37.
    Any idea?
    Regards
    Zahi

    Hi Tarik,
    below are my answers:
    1- The content of the dACL:
    ip access-list extended POSTURE-REMEDIATION
    permit udp any any eq domain
    permit ip any host 10.10.10.125         >>>> antivirus server
    permit ip any 10.10.240.0 0.0.0.255   >>>> voice subnet
    permit ip any 10.10.31.0 0.0.0.255    >>>> quarantine vlan subnet
    permit ip any host 10.10.10.238        >>>> ip add of ISE1
    permit ip any host 10.10.10.239        >>>> ip add of ISE2
    permit ip any host 10.10.10.206        >>>> wsus server
    permit ip any host 10.10.10.10          >>>> domain 1
    permit ip any host 10.10.10.100          >>>> domain 2
    2- When I open a web browser, yes I get redirected to the nac agent download page
    3- outputs of the show authentication session interface fast 0/12, when the agent pops up with ISE1:
    sw#sho authentication sessions int fast 0/12
                Interface:  FastEthernet0/12
              MAC Address:  b8ac.6fc9.b26f
               IP Address:  10.10.31.2
                User-Name:  RJ\15592
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  single-host
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  31
                  ACS ACL:  xACSACLx-IP-POSTURE-REMEDIATION-4fe82900
         URL Redirect ACL:  ACL-POSTURE-REDIRECT
             URL Redirect:  https://RJ-ISE-1.rj.com:8443/guestportal/gateway?session
    Id=0A0A0C86000000186ADBBD8B&action=cpp
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A0A0C86000000186ADBBD8B
          Acct Session ID:  0x00000023
                   Handle:  0x31000018
    Runnable methods list:
           Method   State
           dot1x    Authc Success
           mab      Not run
    sw#sho authentication sessions int fast 0/12
                Interface:  FastEthernet0/12
              MAC Address:  b8ac.6fc9.b26f
               IP Address:  10.10.30.12
                User-Name:  RJ\15592
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  single-host
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  30
                  ACS ACL:  xACSACLx-IP-PERMIT_ALL_TRAFFIC-4f57e406
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A0A0C86000000186ADBBD8B
          Acct Session ID:  0x00000023
                   Handle:  0x31000018
    Runnable methods list:
           Method   State
           dot1x    Authc Success
           mab      Not run
    outputs of the show authentication session interface fast 0/12, when the agent pops up with ISE2:
    sw#sho auth sessions int fast 0/12
                Interface:  FastEthernet0/12
              MAC Address:  0025.6458.8409
               IP Address:  10.10.31.8
                User-Name:  RJ\15946
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  single-host
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  31
                  ACS ACL:  xACSACLx-IP-POSTURE-REMEDIATION-4fe82900
         URL Redirect ACL:  ACL-POSTURE-REDIRECT
             URL Redirect:  https://RJ-ISE-2.rj.com:8443/guestportal/gateway?session
    Id=0A0A0C86000000206AF3FAC1&action=cpp
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A0A0C86000000206AF3FAC1
          Acct Session ID:  0x0000002B
                   Handle:  0x2C000020
    Runnable methods list:
           Method   State
           dot1x    Authc Success
           mab      Not run
    you may find attached also the pcap file of the client machine when it is authenticating with the ISE2.
    Thank you in advance
    Zahi
    Message was edited by: ZAHI BOU KHALIL

  • Problem with Clean Access Agent and Windows Updater

    I have a problem with a laptop when using Cisco Clean Access Agent. The agent keeps directing the laptop to get updates from the Windows Update site, but when I have connected the laptop via cable, windows updates tells me there are no updates either essential or optional. The laptop is a Sony VIVO VGN-FJ270 running XP Home Edition SP2 and the Clean Access Agent is version 4.0.2.1
    Any help is appreciated!!

    Verify the allowed hosts in CCA agent.
    Try these link:
    http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html
    http://www.cisco.com/en/US/products/ps6128/products_qanda_item09186a00803b7a81.shtml

  • Removing Cisco Clean Access Agent 4.5 (CCA)

    I'm more or less having trouble with uninstalling Cisco Clean Access Agent 4.5.0.0, so I can install CCA 4.1...
    I removed CCAAgent 4.5 + the files within "Library/ApplicationSupport/" and in "Library/Receipts"...yet when I try to install 4.1, it tells me there's a newer version of the software on this disk & won't let me install.
    I am on Snow Leopard, too - by the way.
    Any solutions to this?

    Tim:
    Seen this page yet....anything there help?
    http://www.cisco.com/en/US/docs/security/nac/appliance/configurationguide/45/cam/magntd.html#wp1276391
    Do you have a fresh backup if needed? Have you tried repairing permissions and checking for hidden files with a similar name?

  • Cisco Clean Access Agent patch?

    I just upgraded to Snow Leopard today without realizing that my campus uses Cisco's Clean Access Agent to allow access to the network. Every time I try to log in log in it tells me "Agent user operator system not supported." It is version 4.6.0.3. I realize now that this is not a campus problem, but more likely a program problem. Is there any word on a way around this or a patch in the near future?
    Thanks.

    The same issue occurred on my campus. Cisco claims they will fix the problem between 3 and 90 days.

  • NAC Clean Access Agent Issue

    Hi,
    Can anyone tell me that If I want my user to download clean access agent so how can I achieve that...I have uploaded agent to my CAM but Im confused that should my user use web agent first then download the agent over network or he can download Clean agent directly ?

    Unlike the Clean Access Agent, the Cisco NAC Web Agent is not a "persistent" entity, thus it only exists on the client machine long enough to accommodate a single user session. Instead of downloading and installing an Agent application, once the user opens a browser window, logs in to the NAC Appliance web login page, and chooses to launch the temporal Cisco NAC Web Agent, an ActiveX control or Java applet (you specify the preferred method using the Web Client (ActiveX/Applet) option in the Administration > User Pages > Login Page configuration page) initiates a self-extracting Agent Stub installer on the client machine to install Agent files in a client's temporary directory, perform posture assessment/scan the system to ensure security compliance, and report compliance status back to the NAC Appliance system. During this period, the user is granted access only to the Temporary Role and if the client machine is not compliant for one or more reasons, the user is informed of the issues preventing network access and may do one of the following as mentioned in the below URL:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/45/cam/m_cca.html#wp1130212

  • Cisco Clean Access agent for Ipad

    My university uses Cisco Clean Access agent for wifi.
    I have been able to login using the alotted password through Safari, however the next step is a prompt to download Clean Access Agent.
    When I try to download the application, Safari prompts that the file can not be downloaded.
    Any suggestions for this problem so that I can use my Ipad at campus.

    The only things you can download are on the App Store. Check there, but I'm mostly sure that there is no Cisco Clean Agent available for iphone.

Maybe you are looking for