Specifications
7-14
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 7 User Management: Configuring Authentication Servers
Adding an Authentication Provider
Step 29 Select Use a certificate from this certification authority (CA) (Figure 7-9).
Figure 7-9 Use a certificate from this certification authority (CA)
Step 30
Click Browse, select the entry corresponding to your root certificate authority, and click OK.
Step 31 Click OK.
Step 32 Select the Tunnel Setting tab and ensure that the This rule does not specify and IPSec tunnel option
is specified. This option specifies that the system should use transport mode and not tunnel mode.
Step 33 Select the Connection Type tab and ensure that the All network connections option is enabled.
Step 34 Click OK.
Step 35 Click on the rule you created in the right pane and go to Action > Assign.
Step 36 Ping the ACS server IP address from the CAM to ensure they can see on another on the network.
Step 37 Navigate to the User Management > Auth Servers > Auth Test CAM web console page and perform
an Auth Test for this RADIUS server to verify connectivity, as described in Auth Test, page 7-39.
RADIUS Challenge-Response Impact On the Agent
If you configure the Clean Access Manager to use a RADIUS server to validate remote users, the
end-user Agent login session can accommodate extra authentication challenge-response dialogs not
available in other dialog sessions—beyond the standard user ID and password. This additional
interaction is due to the user authentication profile on the RADIUS server, itself, and does not require
any additional configuration on the Clean Access Manager. For example, the RADIUS server profile
configuration may feature an additional authentication challenge like verifying a token-generated PIN