NAC clean access agent page redirect

Similar Messages

• NAC Clean Access Agent Issue

  Hi,
  Can anyone tell me that If I want my user to download clean access agent so how can I achieve that...I have uploaded agent to my CAM but Im confused that should my user use web agent first then download the agent over network or he can download Clean agent directly ?

  Unlike the Clean Access Agent, the Cisco NAC Web Agent is not a "persistent" entity, thus it only exists on the client machine long enough to accommodate a single user session. Instead of downloading and installing an Agent application, once the user opens a browser window, logs in to the NAC Appliance web login page, and chooses to launch the temporal Cisco NAC Web Agent, an ActiveX control or Java applet (you specify the preferred method using the Web Client (ActiveX/Applet) option in the Administration > User Pages > Login Page configuration page) initiates a self-extracting Agent Stub installer on the client machine to install Agent files in a client's temporary directory, perform posture assessment/scan the system to ensure security compliance, and report compliance status back to the NAC Appliance system. During this period, the user is granted access only to the Temporary Role and if the client machine is not compliant for one or more reasons, the user is informed of the issues preventing network access and may do one of the following as mentioned in the below URL:
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/45/cam/m_cca.html#wp1130212

• NAC clean access agent (CCA) question

  Hi,
  Iam going through OOB NAC deployment and i have a question about the CCA agent that will be persistent on the clients machines , if a client leave his work with the laptop that has the CCA agent and will use it in home or any different network , will the agent affect on the laptop access in any different network or not??? and why??
  waiting your replies
  MAM

  Faisal
  thanks for your reply.
  please i have another question, if we integrate the NAC appliance with AD (enabling AD SSO feature) , will we need to do Mapping Rules on the CAM server or not ???
  MAM

• NAC - Clean Access Agents keeps poping up even when it's authenticated

  Hi All,
  I've setup OOB/IB/L3 NAC. after login to CAA, authentication happens and VLAN is changed on switch. But CAA pops up again and asks for usrename and password, even it's been already authenticated.
  any suggestion would be appreciated.
  Alex

  Alex,
  How are you forcing the traffic to the NAC? Using ACLs or PBRs?
  What you're describing indicates that you're more than likely using ACL method. If so, ensure that in your access subnet, you are disallowing traffic being sent to the CAS. After your client authenticates and is in the access VLAN, the agent would still continue to send out the discovery packets every 5 seconds, and if that traffic is allowed in the access VLAN, it will pop the agent up again.
  HTH,
  Faisal

• Nac appliance - clean access agent report

  Hi,
  I have been searching a lot, and I don't find any good explanation about how the clean access agent report works. I experienced that not all agent activity will be reported. Sometimes it showed up report about the "passed" and "failed" agent, but not at another time. Would someone give me explanation about when the agent will show up reports and it will not ? or did it show bugs ?
  Thanks in advance.

  Hi,
  does anybody experience this ? or Everything is going fine on your NAC ? I am using NAC 4.1.3.1.
  Thanks.

• Different between cisco NAC agent and cisco Clean Access Agent

  Hi all,
  if anyone has idea about different between cisco NAC agent and cisco Clean Access Agent, please share your ideas.
  thank you

  In 4.6, the agent was overhauled and is now called the NAC agent.  Previous versions were referred to as the Clean Access Agent.  So pretty much, the 4.5 agent and 4.1.3.2 agents are Clean Access agents, and the 4.6.x and 4.7.x agents are called NAC agents.
  Some of the changes made were moving a lot of the agent configuration to an XML file, redesigning the GUI, adding a service portion (so that the stub agent is no longer required), and better agent logging.

• Removing Cisco Clean Access Agent 4.5 (CCA)

  I'm more or less having trouble with uninstalling Cisco Clean Access Agent 4.5.0.0, so I can install CCA 4.1...
  I removed CCAAgent 4.5 + the files within "Library/ApplicationSupport/" and in "Library/Receipts"...yet when I try to install 4.1, it tells me there's a newer version of the software on this disk & won't let me install.
  I am on Snow Leopard, too - by the way.
  Any solutions to this?

  Tim:
  Seen this page yet....anything there help?
  http://www.cisco.com/en/US/docs/security/nac/appliance/configurationguide/45/cam/magntd.html#wp1276391
  Do you have a fresh backup if needed? Have you tried repairing permissions and checking for hidden files with a similar name?

• Clean Access Agent in Windows 8, 64 bit

  Hey guys,
  I posted this on another Cisco community site, someone there suggested I try here. He also gave me this page as a possible solution but I'm unable to download from the page as I don't have a service contract, I'm just a Dad trying to get his kid's computer online at school.
  http://www.cisco.com/cisco/software/release.html?mdfid=282855549&flowid=34712&softwareid=282573326&release=4.8.3&relind=AVAILABLE&rellifecycle=&reltype
  Kind of at our wit's end here. My daughter is at Mass Art in Boston with a nearly new computer (6 months old at most) with Windows 8 Pro and the Clean Access Agent isn't letting her connect saying she has no updated AV installed. However, we did have BitDefender installed and updated and I've seen BitDefender on a Cisco list on line somewhere, the tech department at the school also said that it should work. Thinking there might be a conflict with BitDefender and Windows Defender we uninstalled BitDefender but to no avail, the agent still won't allow access.
  Now the tech dept. at the school is telling her she has to reformat her hard drive (Ha!!) which is simply and completely unacceptable.
  Does anyone here know if the above link may solve our problem?
  Can someone send me the necessary files?
  Is there someone the school tech people can contact for this?
  Am I asking enough annoying questions?
  Many thanks for your time,
  Ken

  Hello Ajay,
  When I try to download either the "4.8.3 Patch for Windows 8 support" or the "4.8.3 Patch for Windows 8 Official support" it says I need a service contract. Which, of course, I don't have. I'm just a Dad trying to get his kids computer connected to the school's network!
  Do you know what the difference is between the "4.8.3 Patch for Windows 8 support" and the "4.8.3 Patch for Windows 8 Official support" downloads?
  Might you be able to email me what I need to [email protected]?
  I don't know how all of this works between the school and Cisco but if you can't send it to me might it be something the tech support people at the school can download? I would have to guess they do, indeed, have a service contract.
  Thanks again,
  Ken

• CISCO CLEAN ACCESS AGENT ALWAYS POPS-UP EVEN ALREADY AUTHENTICATED

  Hello,
  Just wonder why clean access agent always pops-up even already authenticated. Please how can i eliminate those multiple pops-up?
  thank you and best regards,
  Edwin

  Hi:
  I have the same issue. Would you please tell me what you did exactly?
  I am using OOB VGW mode.
  NAC version is 4.7.2
  Switch configurations:
  snmp-server community RO RO
  snmp-server community RW RW
  snmp-server location LOCATION
  snmp-server contact CONTACT
  snmp-server enable traps snmp linkdown linkup
  snmp-server enable traps mac-notification change move threshold
  snmp-server host CAM_IP version 2c RW  mac-notification snmp
  mac address-table notification change interval 0
  mac address-table notification change
  mac address-table aging-time 3600

• Clean Access Agent MSI

  Does anyone know the msi commands to remove the shortcut on the desktop and not display the agent on the task bar?
  Thanks

  The Clean Access Agent provides local-machine agent-based vulnerability assessment and remediation for Windows clients. Users download and install the Clean Access Agent (read-only client software), which can check the host registry, processes, applications, and services. The Clean Access Agent can be used to perform antivirus or antispyware definition updates, distribute files uploaded to the Clean Access Manager, distribute website links to websites in order for users to download files to fix their systems, or simply distribute information/instructions.
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/m_agntd.html#wp1222379

• Clean Access Agent can't popup

  Hi, we setup a CAS and CAM in L2 OOB virtuil gateway and the switch is a 3560 using SVI and L3 for routing. We can authenticate using web agent but there is a problem when using a Clean Access agent. I have configured the discovery host using the ip address of the CAM but the login doesn't popup. I changed the discovery host of the ip of the server and tried reinstalling the access agent but login doesn't popup. Do I need to reboot the server when i changed the ip of the discovery host?What do i need to configure on the CAM or CAS?

  For L2 or L3 deployments, the Clean Access Agent will pop up on the client if "Popup Login Window" is enabled on the Agent and the Agent detects it is behind the Clean Access Server. If the Agent does not pop up, this indicates it cannot reach the CAS.
  To Troubleshoot L2 Deployments:
  1. Make sure the client machine can get a correct IP address. Open a command tool (Start > Run > cmd) and type ipfconfig or ipconfig /all to check the client IP address information.
  2. If necessary, type ipconfig /release, then ipconfig /renew to reset the DHCP lease for the client.
  To Troubleshoot L3 Deployments:
  1. Check whether the Discovery Host field is set to the IP address of the CAM itself under Device Management > Clean Access > Clean Access Agent > Installation | Discovery Host. This field must be the address of a device on the trusted side and cannot be the address of the CAS.
  2. Uninstall the Clean Access Agent on the client.
  3. Change the Discovery Host field to the IP address of the CAM and click Update.
  4. Reboot the CAS.
  5. Re-download and re-install the Clean Access Agent on the client.
  Note The Login option on the Clean Access Agent is correctly disabled (greyed out) in the following cases:
  •For OOB deployments, the Agent user is already logged in through the CAS and the client port is on the Access VLAN.
  •For multi-hop L3 deployments, Single Sign-On (SSO) has been enabled and the user has already authenticated through the VPN concentrator (therefore is already automatically logged into Cisco NAC Appliance).
  •MAC address-based authentication is configured for the machine of this user and therefore no user login is required.

• Clean Access Agent error

  Hi there
  I don't know why, every time I try to log on to Clean Access agent I get this error message. (see attached doc.) It prevents me from logging on. Then I have to remove the program, turn off the pc. Turn on the pc again to reinstall the program for it to works.
  can anyone help?
  many thanks
  paul

  What version are you running of CCA Agent and NAC Appliance Server ?
  This is not normal behaviour so can you try to disable AV, Firewall etc and try running the Agent Again.
  The Agent will poll every 5 secs to discover the CAS, using the Discovery Host which will either be an IP or hostname. If it is a hostname make sure it is resolvable.
  Inti

• Clean access agent keep on running again and again

  Added some registry checks in NAC 4.5 after that Clean access Agent keeps on running again and again on the client(looping)
  Thanks

  Philip,
  Windows 7 wasn't supported with CCA till 4.7.x and agents also have to be 4.7.x
  Best approach would be to get to a supported version and then if that doesn't work we can work with you to see what might be causing this.
  HTH,
  Faisal

• Clean Access Agent Windows XP permission/Rights Issue

  Hi,
  I have a problem with Clean Access Agent.
  When a domain user installs the agent on the computer, only that user is able to login into the network using the CCAgent. Any other user who tries to login in on the same machine gets an error. In short, only the DOMAIN USER who installed the agent authenticates without a problem (or a user with administrative rights)
  The error that the second user gets is the same as the one here;
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1ddf8b7d
  I am not sure if this problem is related to this one;
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1ddfc848
  Anybody with ideas?
  Edd

  One quick fix could be to try restarting the HTTPD services. Although there should be no conflict if you install CSA and CCA, but you can uninstall CSA and check if other users are able to login on the same machine.

• NAC Clean Access Authentication not doing anything

  Hi!
  I have instaled an NAC solution, using oob with acl's.
  When i get to the Clean Access Authentication page, using the right user and password, or an worng one, the page keeps showing up, requesting to authenticate and without any errors.
  Did this happened to anyone?
  TKX
  Miguel

  Hi Miguel,
  The configuration so far looks OK.
  The only test I would suggest would be to keep the clients on a vlan/subnet different from the CAS untrusted IP's subnet.
  I am telling this because usually we have the following:
  1. Clients are being assigned to a trusted vlan/subnet, for which we have an IP address configured in the CAS as a managed subnet and assigned to that vlan.
  2. In this case, clients are getting an IP on the same subnet as the untrusted interface of the CAS, which is not doing any kind of vlan tagging.
  As a further test, you could for example keep the clients on a subnet that is not the same as the one for the CAS untrusted interface and add the corresponding managed subnet for that client vlan.
  Alternatively, you could configure the CAS untrusted interface to tag traffic on the same vlan where clients are getting an IP, but this is usually more tricky.
  This suggestion comes from the fact that what you are experiencing (clients continuously re-prompted for authentication) is often seen when the CAS is not configured for the proper managed subnets.
  One more thing to verify is that the user being authenticated is not falling under the Unauthenticated Role.
  This could happen for example when configuring an Authentication Provider with the default role as Unauthenticated and mapping rules: if mapping rules are not triggered correctly, the default Unauthenticated Role will be assigned and the client will keep getting the authentication prompt.
  If these further points didn't show any improvements, I would recommend to keep following this through a TAC Service Request:
  http://tools.cisco.com/ServiceRequestTool/create/launch.do
  Regards,
  Fede
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.