11-17-2015 04:35 AM
Is there a way to send from ClearPass RADIUS_CoA dACL to Cisco ASA VPN ?
For example the OnGuard Agent finished the NAC health checks when the user connected to the VPN,
and I want to send the ClearPass a RADIUS_CoA dACL to Cisco ASA, if the health check result is quarantine or allow all.
11-17-2015 05:39 AM - edited 11-17-2015 05:40 AM
So, if I send a generic Cisco Coa Reauthenticate session or generic Cisco Coa Terminate session nothing happens. I sent a RADIUS:Cisco Cisco-IP-Downloadable-ACL deny ip any any nothing happens.
So, my question is what attributes should to be send by the clearpass to the Cisco ASA in coa message if we want to change a user ACL list after a NAC check.