Hi James,
I had a similar problem just the other day. After contacting Cisco I was infromed that there is an issue with the self-signed Windoze2008 certificates and NAC. They don't play well together. He stated that the soon to be released version 4.6. Here's what I saw with the logs: When I reviewed the Cisco NAC CAM logs I found that the NAM certificate credentials had changed to the Windows certificate, however NAS had (even though the SSL page showed the Windows information) retained the temporary certificate. I engaged Cisco and after an hour was notified that the Windows 2008 certificates do not work with the Cisco NAC appliances. Cisco said the fix will be coming out in NAC release 4.6 which is 30-45 days away. Cheers, Greg Greg Schmitt, CCIE#8105 Presido > Date: Mon, 8 Jun 2009 10:41:40 -0400 > From: [email protected] > Subject: SSL logs > To: [email protected] > > Are there any log files on the CAS servers that would be a good place to > try and diagnose SSL communication problems between the CAS/CAM? (Ex: > The CAS does not like something on the CAM's certificate but is still > able to talk to the CAM and isn't producing an error message but will > not allow access for clients) > > Thanks, > James > > > > -- > James Simpson > Security Engineer > IT Services > Miami University > Oxford, OH > Office 513-529-1595 > Mobile 513-839-0083 _________________________________________________________________ Windows Live™ SkyDrive™: Get 25 GB of free online storage. http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_SD_25GB_062009
