Cisco Cisco NAC Appliance 4.1.0

4-19

Cisco NAC Appliance - Clean Access Server Installation and Administration Guide

OL-12213-01

Chapter 4 Installing the Clean Access Server NAC Appliance

CAM/CAS Connectivity Across a Firewall

See the Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide for details
on which ports to open in a firewall to allow communication between the Clean Access Manager and
Clean Access Server(s).

Configuring the CAS Behind a NAT Firewall

If deploying the Clean Access Server behind a firewall (there is a NAT router between CAS and CAM),
you will need to perform the following steps to make the CAS accessible:

Connect to the CAS by SSH or use a serial console. Log in as root user.

Change directories to

/perfigo/agent/bin/

Edit the file

startagent

Locate the

JAVA_OPTS

variable definition in the file.

Add

-Djava.rmi.server.hostname=<

caserver1_hostname>

to the variable, replacing

caserver1_hostname

with the host name of the server you are modifying. For example:

JAVA_OPTS=”-server

-Djava.util.logging.config.file=/perfigo/agent/conf/logging.properties

-Dperfigo.jmx.context= ${PERFIGO_SECRET} -Xms40m -Xmx40m -Xincgc

-Djava.rmi.server.hostname=caserver1”

Restart the CAS by entering the

service perfigo restart

command.

Repeat the preceding steps for each Clean Access Server in your deployment.

Connect to the Clean Access Manager by SSH or using a serial console. Login as

root

Change directories to

/etc/

10.

Edit the hosts file by appending the following line:

<public_IP_address> <caserver1_hostname> <caserver2_hostname>

where:

–

public_IP_address

– The address that is accessible outside the firewall.

–

caservern_hostname

– The host name of each Clean Access Server behind the firewall.

The CASes should now be addressable behind the firewall.