Cisco Cisco NAC Appliance 4.1.0
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
8-6
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 8 Integrating with Cisco VPN Concentrators
Configure Clean Access for VPN Concentrator Integration
Note
•
The enable/disable L3 feature is disabled by default, and ALWAYS requires an Update and Reboot
of the CAS to take effect. Update causes the web console to retain the changed setting until the next
reboot. Reboot causes the process to start in the CAS.
of the CAS to take effect. Update causes the web console to retain the changed setting until the next
reboot. Reboot causes the process to start in the CAS.
•
L3 and L2 strict options are mutually exclusive. Enabling one option will disable the other option.
See
Verify Discovery Host
There must be a Discovery Host enabled in order for the Clean Access Agent to discover the CAS in
VPN or L3 deployments. By default, the Discovery Host field is set to the IP address of the CAM.
Because the VPN concentrator acts as a router between the user and the CAS, the Agent uses the
Discovery Host to direct its UDP 8096 discovery packets to the network of the CAS. The CAS uses these
packets to learn that a Clean Access Agent is active, and discards the packets before they ever reach the
CAM. The Discovery Host field should be set in the CAM before the Agent is distributed and installed
on client machines.
VPN or L3 deployments. By default, the Discovery Host field is set to the IP address of the CAM.
Because the VPN concentrator acts as a router between the user and the CAS, the Agent uses the
Discovery Host to direct its UDP 8096 discovery packets to the network of the CAS. The CAS uses these
packets to learn that a Clean Access Agent is active, and discards the packets before they ever reach the
CAM. The Discovery Host field should be set in the CAM before the Agent is distributed and installed
on client machines.
1.
Go to Device Management > Clean Access > Clean Access Agent > Distribution .
2.
Verify the IP address for the Discovery Host field is either the IP address of the CAM (default), or
a trusted network IP address that requires traffic to be routed/forwarded via the CAS.
a trusted network IP address that requires traffic to be routed/forwarded via the CAS.
3.
If changing the Discovery Host, click the Update button.
See
, and the “ConfiguringAgent
Distribution/Installation ” section of the Cisco NAC Appliance - Clean Access Manager Installation and
Administration Guide for additional information.
Administration Guide for additional information.
Add VPN Concentrator to Clean Access Server
1.
Go to Device Management > CCA Servers > List of Servers > Manage [CAS_IP] >
Authentication > VPN Auth > VPN Concentrators.
Authentication > VPN Auth > VPN Concentrators.