Yeah that's exactly what I saw. Aside from making sure my split tunnel list was correct, another thing if I remember correctly had to do with installing the ACS certificate on XP.
Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com On Apr 14, 2010, at 12:39 PM, Kingsley Charles wrote: > I am not getting response from cta. > > %ASA-5-334006: EAPoUDP failed to get a response from host - 10.2.2.201. > > What should I do? > > Let me check the cta status in the services > > With regards > Kings > On Thu, Apr 15, 2010 at 1:02 AM, Brandon Carroll <[email protected]> > wrote: > I have seen that issue in that lab and it was related to the routes that were > on the client. The client was not routing the NAC response back to the > tunnel. Correcting the split-tunnel list resolved the issue. That may be > what's going on. > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website at www.ipexpert.com > > > > On Apr 14, 2010, at 12:29 PM, Kingsley Charles wrote: > > > Hi all > > > > I am in lab 17 with just 20 mins to go. I am trying the NAC with EzVPN. > > > > ciscoasa# sh run nac-policy > > nac-policy eznac nac-framework > > default-acl nac > > reval-period 36000 > > sq-period 300 > > authentication-server-group rad > > > > ciscoasa# sh run access-list nac > > access-list nac extended permit ip any any > > > > group-policy rem attributes > > vpn-tunnel-protocol IPSec > > split-tunnel-policy tunnelspecified > > split-tunnel-network-list value split > > nac-settings value eznac > > address-pools value addr > > > > > > The ezvpn tunnel is coming up but the nac admission is not happening. > > > > Am I missing any config? Appreciate your quick inputs. > > > > > > With regards > > Kings > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
