I have seen that issue in that lab and it was related to the routes that were on the client. The client was not routing the NAC response back to the tunnel. Correcting the split-tunnel list resolved the issue. That may be what's going on.

Regards,

Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

On Apr 14, 2010, at 12:29 PM, Kingsley Charles wrote:

> Hi all
>
> I am in lab 17 with just 20 mins to go. I am trying the NAC with EzVPN.
>
> ciscoasa# sh run nac-policy
> nac-policy eznac nac-framework
>  default-acl nac
>  reval-period 36000
>  sq-period 300
>  authentication-server-group rad
>
> ciscoasa# sh run access-list nac
> access-list nac extended permit ip any any
>
> group-policy rem attributes
>  vpn-tunnel-protocol IPSec
>  split-tunnel-policy tunnelspecified
>  split-tunnel-network-list value split
>  nac-settings value eznac
>  address-pools value addr
>
>
> The ezvpn tunnel is coming up but the nac admission is not happening.
>
> Am I missing any config? Appreciate your quick inputs.
>
>
> With regards
> Kings
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
