Products & Services

Training & Events

Partner Central

Hierarchical Navigation

HOME
- SUPPORT
  - PRODUCT SUPPORT
    - SECURITY
      - CISCO NAC APPLIANCE (CLEAN ACCESS)
        GENERAL INFORMATION
        COMPATIBILITY INFORMATION
        Support Information for Cisco NAC Appliance Agents, Release 4.5 and Later

Cisco NAC Appliance (Clean Access)

Support Information for Cisco NAC Appliance Agents, Release 4.5 and Later

Downloads

Support Information for Cisco NAC Appliance Agents, Release 4.5 and Later

Table Of Contents

Support Information for Cisco NAC Appliance Agents, Release 4.5 and Later

Cisco NAC Appliance Agent System Requirements

Cisco NAC Appliance Agent/Server Version Compatibility

Cisco NAC Appliance Agent/OS/Browser Support Matrix

Cisco NAC Windows Agent Browser/Java Support

Mac OS X Agent/Browser/Java Support

Linux Fedora Browser/Java Support

Windows Clean Access Agent Browser/Java Support

Cisco NAC Appliance Agent/AD Server Compatibility for AD SSO

Cisco NAC Agent Localized Language Support

Clean Access Agent Localized Language Template Support

Supported OS Locales

Support Information for Cisco NAC Appliance Agents, Release 4.5 and Later

Revised: November 25, 2009, OL-18184-01

This document provides the following information for Cisco NAC Appliance Release 4.5 and later:

•Cisco NAC Appliance Agent System Requirements

•Cisco NAC Appliance Agent/Server Version Compatibility

•Cisco NAC Appliance Agent/OS/Browser Support Matrix

•Cisco NAC Appliance Agent/AD Server Compatibility for AD SSO

•Cisco NAC Agent Localized Language Support

•Clean Access Agent Localized Language Template Support

Cisco NAC Appliance Agent System Requirements

Table 1 Minimum Requirements for Cisco NAC Appliance Agents

Cisco NAC Appliance Agent

Required Hard Drive Space

Cisco NAC Agent (Windows)

15 MB

Clean Access Agent (Windows)

10 MB

Mac OS X Clean Access Agent

Cisco NAC Web Agent (temporal)

Cisco NAC Appliance Agent/Server Version Compatibility

Table 2 shows Clean Access Server and Agent compatibility between 4.6(1)/4.5(x)/4.1(x) CAM/CAS releases and 4.1.2.x and later Agent versions for Windows XP/Vista and Mac OS 10.4/10.5 client operating systems. Agent client versions listed as compatible can perform basic login/logout for the CAM/CAS version listed and provide the minimum features available for that Agent version or CAM/CAS version (whichever is lower). Note that the maximum AV/AS support available is determined by the maximum version of the Agent on the client as well as the maximum version of the Cisco NAC Agent or Clean Access Agent Setup/Patch (upgrade) file uploaded to the CAM. For example:

•4.1(3) CAM/CAS with 4.1.3.0 Agent Setup file and 4.1.6.0 Agent Patch file provides 4.1.6.0 Agent AV/AS support for 4.1.6.0 clients.

•4.1(3) CAM/CAS with 4.1.3.0 Agent Setup file and 4.5.0.0 Agent Patch file provides 4.5.0.0 Agent AV/AS support for client machines.

•4.5 CAM/CAS with 4.5.0.0 Agent Setup file and 4.5.0.0 Agent Patch file provides 4.1.2.2 Agent AV/AS support for 4.1.2.2 clients.

•4.6(1) CAM/CAS with 4.5.1.0 Agent Installation file provides 4.5.1.0 Agent AV/AS support for 4.5.1.0 clients.

•A 4.5(1) CAM/CAS with 4.6.2.113 Agent Installation file provides 4.6.2.113 Agent AV/AS support for 4.6.2.113 clients, but the Agent must operate as an English-only entity—you cannot take advantage of the native operating system localization support available to Cisco NAC Agent users who are logging in to a 4.6(1) CAM/CAS network.

•A release 4.7(0) FIPS 140-2 compliant CAM/CAS with the 4.7.1.15 Agent Installation file provides 4.7.1.15 Agent AV/AS support for Windows XP/Vista client machines

•A release 4.7(1) CAM/CAS with the 4.7.1.511 Agent Installation file provides 4.7.1.511 Agent AV/AS support for Windows 2000/XP/Vista/7 client machines

•A release 4.7(x) (non-FIPS) CAM/CAS with the 4.7.1.511 Agent Installation file provides 4.7.1.511 Agent AV/AS support for Windows 2000/XP/Vista/7 client machines

Table 2 Cisco NAC Appliance Server/Agent Compatibility

CAM/CAS Version

Cisco NAC Agent Version

Clean Access Agent Version (Windows XP/Vista) ¹

Clean Access Agent Version (Mac OS 10.4, 10.5, 10.6) ¹^,²

4.7(1)

4.7.1.511
4.7.1.15 ³
4.6.2.113

4.5.2.0
4.5.1.0
4.5.0.0

4.7.1.506 ⁴
4.7.0.2
4.6.0.3
4.5.0.0

4.1.10.0
4.1.8.0
4.1.7.0
4.1.6.0
4.1.3.2

4.1.3.1

4.7

4.7.1.511
4.7.1.15 ³4.6.2.113

4.5.2.0
4.5.1.0
4.5.0.0

4.7.0.2
4.6.0.3
4.5.0.0

4.1.10.0
4.1.8.0
4.1.7.0
4.1.6.0
4.1.3.2

4.1.3.1

4.6(1)

4.7.1.511
4.7.1.15
4.6.2.113

4.5.2.0
4.5.1.0
4.5.0.0

4.6.0.3
4.5.0.0

4.1.10.0
4.1.8.0
4.1.7.0
4.1.6.0
4.1.3.2

4.1.3.1

4.5(1)
4.5(0)

4.7.1.511
4.7.1.15
4.6.2.113 ⁵

4.5.2.0
4.5.1.0
4.5.0.0

4.5.0.0

4.1.10.0
4.1.8.0
4.1.7.0
4.1.6.0
4.1.3.2
4.1.2.2

4.1.3.1
4.1.2.0

4.1(8) ⁶4.1(6)

4.7.1.511
4.7.1.15
4.6.2.113 ⁵

4.5.2.0
4.5.1.0 ⁶4.5.0.0 ⁶

4.5.0.0 ⁶

4.1.10.0
4.1.8.0
4.1.7.0
4.1.6.0
4.1.3.2
4.1.2.2

4.1.3.1
4.1.2.0

4.1.3.1 ⁶

4.7.1.511
4.7.1.15
4.6.2.113 ⁵

4.5.2.0
4.5.1.0 ⁶4.5.0.0 ⁶

4.5.0.0 ⁶

4.1.7.0
4.1.6.0
4.1.3.2
4.1.2.2

4.1.3.1
4.1.2.0

¹The maximum available AV/AS support is determined by both the maximum version of the Clean Access Agent on the client and the maximum version of the Clean Access Agent Setup or Patch (upgrade) file uploaded to the CAM.

²Only Mac OS X Agent 4.5.0.0 and later provides posture assessment, remediation, and AV/AS support. Mac OS X Agent 4.1.2.0 provides authentication only; MAC OS X Agent 4.1.3.0 and greater provide authentication and auto-upgrade support. For full 4.5 feature support (e.g. Mac OS posture), the 4.5.x.x or later Agent must be run with a release 4.5 or later CAM/CAS.

³Cisco NAC Agent version 4.7.1.15 is the only Agent version that supports FIPS 140-2 compliance.

⁴Mac Agent version 4.7.1.506 is the only Mac OS X Agent that supports the Mac OS 10.6 (Snow Leopard) operating system.

⁵When you install the Cisco NAC Agent, the Agent installer automatically detects the client operating system locale and installs to match. This can break Agent-CAM/CAS communication if the CAM/CAS are not also running release 4.6(1) or later, because the Agent does not automatically default to English-only operation on the client machine, as would be required to restore successful Agent-to-CAM/CAS communication. To work around this potential issue, the user must force the English locale on the client machine after upgrading to/installing Agent version 4.6.2.113 or later on the client machine.

⁶The 4.1(x) CAM/CAS cannot download 4.5.x.x and later Agents from Cisco Updates.

,

Cisco NAC Appliance Agent/OS/Browser Support Matrix

This section lists the operating systems, web browsers, and Java versions known to work with the Cisco NAC Appliance Agents, version 4.5.0.0 and later.

•Cisco NAC Windows Agent Browser/Java Support

•Mac OS X Agent/Browser/Java Support

•Linux Fedora Browser/Java Support

•Windows Clean Access Agent Browser/Java Support

For Web Login on all operating systems, the ActiveX/Java Applet web client used for L3 MAC address/OS detection and for OOB IP refresh/renew after posture assessment is supported for the web browsers and Java versions listed in each operating system support table.

Cisco NAC Windows Agent Browser/Java Support

Table 3 provides CAM/CAS version, browser, and Java JRE compatibility information for web login methods as well as the Cisco NAC Agent (version 4.6.2.113 and later) and Cisco NAC Web Agent that you can install and run on Windows operating systems.

Table 3 Cisco NAC Windows Agent Browser/Java Support

Operating System
(English OS Language) ¹

Supported Cisco NAC Appliance Versions

Supported Browsers²

Java Version ³

Cisco NAC Agent ⁴

Web Login ⁵

Web Agent ⁶

CAM/ CAS

L3 MAC (ActiveX/ Applet)

Version

Web Agent (ActiveX/Applet) ⁷,⁸

Windows 2000, SP4

4.7.1.511
4.7.1.15
4.6.2.113

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 1.5.0.12
Firefox 3.0.3

1.5.0_01 ⁹

Internet Explorer 6.0.2
Internet Explorer 7

4.7.1.511
4.7.1.15
4.6.2.113

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Firefox 1.5.0.12

1.5.0_01

Internet Explorer 6.0

4.7.1.511
4.7.1.15
4.6.2.113

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Firefox 1.5.0.12

1.5.0_01

Internet Explorer 6.0

Windows XP Media Center Edition, SP2, SP3

4.7.1.511
4.7.1.15
4.6.2.113

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Internet Explorer 8

1.6.0_17

4.7.1.511
4.7.1.15
4.6.2.113

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Internet Explorer 6.0, 7.0

1.6.0_14

4.7.1.511
4.7.1.15
4.6.2.113

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

Windows XP Tablet PC, SP2, SP3

4.7.1.511
4.7.1.15
4.6.2.113

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.3
Firefox 3.5.1

1.6.0_17

Internet Explorer 8

4.7.1.511
4.7.1.15
4.6.2.113

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Internet Explorer 6.0, 7.0

1.6.0_14

4.7.1.511
4.7.1.15
4.6.2.113

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

Windows XP Home, SP2

4.7.1.511
4.7.1.15
4.6.2.113

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 2.0.0.27
Firefox 3.5.5

1.5.0_13
1.6.0_17

Internet Explorer 6.0, 7.0, and 8.0

4.7.1.511
4.7.1.15
4.6.2.113

4.7(0)

2.3.0.0/ 2.2.2.0

—

—

Internet Explorer 6.0, 7.0

1.5.0_13

Firefox 2.0.0.27

4.7.1.511
4.7.1.15
4.6.2.113

4.6(1)

2.3.0.0/ 2.2.2.0

—

—

Firefox 2.0.0.27

1.5.0_13

Windows XP Professional, SP2, SP3

4.7.1.511
4.7.1.15
4.6.2.113

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.3
Firefox 3.5.1
Firefox 3.5.5

1.6.0_17

Internet Explorer 6.0, 7.0, and 8.0

4.7.1.511
4.7.1.15
4.6.2.113

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

4.7.1.511
4.7.1.15
4.6.2.113

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

Windows XP Professional x64, SP2

4.7.1.511
4.7.1.15
4.6.2.113

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.3
Firefox 3.5.1
Firefox 3.5.5

1.6.0_17

Internet Explorer 6.0, 7.0, and 8.0

4.7.1.511
4.7.1.15
4.6.2.113

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_14

Internet Explorer 6.0, 7.0, and 8.0

4.7.1.511
4.7.1.15
4.6.2.113

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_14

Internet Explorer 6.0, 7.0, and 8.0

Windows Vista ¹⁰ SP1, SP2

4.7.1.511
4.7.1.15
4.6.2.113

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.3

1.6.0_11
1.6.0_14

Internet Explorer 7.0 and 8.0

4.7.1.511
4.7.1.15
4.6.2.113

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 7.0 and 8.0

1.6.0_14

4.7.1.511
4.7.1.15
4.6.2.113

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 7.0 and 8.0

1.6.0_14

Windows Vista x64 ¹⁰SP1, SP2

4.7.1.511
4.7.1.15
4.6.2.113

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.3
Firefox 3.5.2

1.6.0_14

Internet Explorer 7.0 and 8.0

4.7.1.511
4.7.1.15
4.6.2.113

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3
Firefox 3.5.2

1.6.0_14

Internet Explorer 7.0 and 8.0

4.7.1.511
4.7.1.15
4.6.2.113

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_14

Internet Explorer 7.0 and 8.0

Windows 7 Professional

4.7.1.511

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Internet Explorer and 8.0

1.6.0_16

Windows 7 Professional x64

4.7.1.511

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Internet Explorer and 8.0

1.6.0_16

Windows 7 Ultimate

4.7.1.511

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.5.3

1.6.0_16

Internet Explorer and 8.0

Windows 7 Ultimate x64

4.7.1.511

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.15
Firefox 3.5.3

1.6.0_16

Internet Explorer and 8.0

Windows 7 Enterprise

4.7.1.511

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.5.3

1.6.0_16

Internet Explorer and 8.0

Windows 7 Enterprise x64

4.7.1.511

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.15
Firefox 3.5.3

1.6.0_16

Internet Explorer and 8.0

Windows 7 Home Premium

4.7.1.511

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.5.3

1.6.0_16

Internet Explorer and 8.0

Windows 7 Home Premium x64

4.7.1.511

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.15
Firefox 3.5.3

1.6.0_16

Internet Explorer and 8.0

Windows 7 Home Basic

4.7.1.511

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Internet Explorer and 8.0

1.6.0_16

¹Cisco NAC Appliance does not support "starter" editions of Windows operating systems.

²ActiveX is only supported on the Internet Explorer browser.

³Java version 1.5 is the minimum version required for Java Applet support.

⁴Testing on international languages has been verified with ActiveX. Although Cisco believes the installer runs successfully in the foreign language with Java, this has not been verified. In the event of a Java installer issue, Cisco NAC Agent installation on international language operating systems defaults to English.

⁵Web login is not supported on 64-bit versions of Internet Explorer.

⁶If users are logging in via the Web Agent in a Windows 7 environment and have proxy connections configured on Internet Explorer, they must enable "Protected Mode" in the browser's security settings to enable Web Agent download on the client machine.

⁷The temporal Cisco NAC Web Agent can be launched from the Web Login Facilitator using ActiveX from the Internet Explorer versions or via Java applet from the web browsers listed as supported for Windows systems.

⁸To avoid ActiveX initiation issues that could affect Agent download and web login functions, ensure users logging in via Windows 7 client machines maintain "elevated privileges" on the system by keeping the User Access Control (UAC) settings at the "default" level.

⁹Java version 1.4.2_15 does not work for Firefox on Windows 2000, SP4 client machines.

¹⁰Includes all Vista operating systems (Business, Home, Ultimate, Enterprise), both Service Pack1 and Service Pack 2.

Mac OS X Agent/Browser/Java Support

Table 4 provides CAM/CAS version, browser, and Java JRE compatibility information for Apple operating systems on Macintosh client machines.

Note For full 4.5 and later features (e.g. Mac OS X posture assessment), the 4.5.x.x Agent must be run with release 4.5 or later CAM/CAS.

Table 4 Mac OS X Browser/Java Support

Operating System ¹
(English OS Language)

Mac OS X Clean Access Agent

Web Login on CAM/CAS

Supported Browsers

Java Version ²

iPhone OS 1.1.1 and later³

N/A

4.5

Safari (Firmware 1.1.1)

—

Mac OS X 10.4.11 "Tiger"

4.7.1.506
4.7.0.2
4.6.0.3
4.5.0.0

4.7(x)
4.6(1)
4.5

Firefox 3.5.5
Safari 4.0.4

1.5.0_19

Mac OS X 10.5.8 "Leopard"

4.7.1.506
4.7.0.2
4.6.0.3

4.7(x)
4.6(1)

Firefox 3.5.5
Safari 4.0.4

1.5.0_20
1.6.0_15

Mac OS X 10.6.2 "Snow Leopard" (32- and 64-bit) ⁴

4.7.1.506

4.7(1)

Firefox 3.5.5
Safari 4.0.4

1.6.0_15

¹Mac OS X Agent version 4.7.1.506 does not support any 64-bit Macintosh PowerPC operating systems.

²Java 1.5 is the minimum version required for Java Applet support.

³Cisco NAC Appliance recognizes iPhone OS as "Macintosh All" and supports basic web login only if Safari (default) or Firefox browsers are used.

⁴The Cisco Mac OS X VPN Client version 4.9.01.0180 and AnyConnect version 2.3.2016 do not work when the client machine is running Mac OS X 10.6 in 64-bit mode. Cisco recommends using the built-in Mac OS X 10.6 Cisco IPSec client when connecting via VPN.

Linux Fedora Browser/Java Support

Table 5 provides CAM/CAS version, Java applet, browser, and Java JRE compatibility information for Linux Fedora operating systems.

Table 5 Linux Fedora Browser/Java Support

Operating System
(English OS Language)

Web Login

Supported Browsers

Java Version ¹

CAM/ CAS

L3 MAC Address (Java Applet) ²

Linux Fedora 4

4.5

2.2.2.0

Mozilla Firefox 1.0.4

Sun JRE 1.4.2

Linux Fedora Core 8 ³^, ⁴

4.5(1)

2.2.2.0

Mozilla Firefox 3.0.6, 2.0.0.16

Sun JRE 1.6.0_07-b06

Linux Fedora Core 9 (Sulphur) ³^, ⁴

4.5(1)

2.2.2.0

Mozilla Firefox 3.0.6

Sun JRE 1.6.0_12-b04

4.7(1)

2.5.0.0

Mozilla Firefox 3.0b5

Sun JRE 1.6.0_16

Linux Fedora Core 10 (Cambridge)³^, ⁴

4.5(1)

2.2.2.0

Mozilla Firefox 3.0.4

Sun JRE 1.6.0_12-b04

4.7(1)

2.5.0.0

Mozilla Firefox 3.0.4

Sun JRE 1.6.0_16

Linux Fedora Core 11 (Leonidas)

4.7(1)

2.5.0.0

Mozilla Firefox 3.5b4

Sun JRE 1.6.0_16

Ubuntu 9.04

4.7(1)

2.5.0.0

Mozilla Firefox 3.0.8

Sun JRE 1.6.0_16

CentOS 5.3

4.7(1)

2.5.0.0

Mozilla Firefox 3.0

Sun JRE 1.6.0_16

¹Java version 1.5 is the minimum version required for Java Applet support.

²For Linux OS clients, Web Login is supported in L2/L3 IB modes, and L2 OOB mode. In L3 OOB mode, the L3 MAC Address Detection Java Applet is required to obtain the MAC address of the client and refresh the IP address when necessary.

³To support IP refresh/renew, "#Defaults requiretty" must be commented out in the /etc/sudoers file on the Linux client. If not commented, the applet used for IP refresh/renew fails with error "sudo: sorry, you must have a tty to run sudo" if the script is called by the applet. PortBounce occurs on Fedora 8/9/10 clients during the IP Refresh after authentication.

⁴Supported for root and non-root users. Tested for Cisco NAC Appliance Release 4.5(1) and 4.1(8).

Windows Clean Access Agent Browser/Java Support

Table 6 provides CAM/CAS version, browser, and Java JRE compatibility information for web login methods as well as the pre-release 4.6(1) Clean Access Agent (version 4.5.0.0 through 4.5.2.0) and Cisco NAC Web Agent that you can install and run on Windows operating systems.

Table 6 Windows Clean Access Agent Browser/Java Support

Operating System
(English OS Language) ¹

Win Clean Access Agent ²

Web Login ³

Web Agent

Supported Browsers ⁴

Java Version ⁵

CAM/ CAS

L3 MAC (ActiveX/Applet)

Version

Web Agent (ActiveX/Applet) ⁶

Windows 2000, SP4 ⁷

4.5.2.0
4.5.1.0
4.5.0.0

4.5

2.0.3.0/ 2.0.3.0

4.5.0.0

2.0.3.0/ 2.0.3.0

Firefox 2.0.0.8

1.6.0_07

Internet Explorer 6.0

Windows XP Tablet PC, SP2, SP3

4.5.2.0
4.5.1.0
4.5.0.0

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

4.5.2.0
4.5.1.0
4.5.0.0

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

4.5.2.0
4.5.1.0
4.5.0.0

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

Windows XP Professional, SP2, SP3

4.5.2.0
4.5.1.0
4.5.0.0

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

4.5.2.0
4.5.1.0
4.5.0.0

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

4.5.2.0
4.5.1.0
4.5.0.0

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 6.0, 7.0, and 8.0

1.6.0_14

Windows XP Professional x64, SP2

4.5.2.0
4.5.1.0
4.5.0.0

4.7(1)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.3

1.6.0_14

Internet Explorer 6.0, 7.0, and 8.0

4.5.2.0
4.5.1.0
4.5.0.0

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_14

Internet Explorer 6.0, 7.0, and 8.0

4.5.2.0
4.5.1.0
4.5.0.0

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_14

Internet Explorer 6.0, 7.0, and 8.0

Windows Vista ⁸ SP1, SP2

4.5.2.0
4.5.1.0
4.5.0.0

4.7(0)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 7.0 and 8.0

1.6.0_14

4.5.2.0
4.5.1.0
4.5.0.0

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 7.0 and 8.0

1.6.0_14

4.5.2.0
4.5.1.0
4.5.0.0

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_11

Internet Explorer 7.0 and 8.0

1.6.0_14

Windows Vista x64 ¹⁰SP1, SP2

4.5.2.0 ⁹
4.5.1.0
4.5.0.0

4.7(0)

2.6.0.0/ 2.6.0.0

4.7.1.504

2.6.0.0/ 2.6.0.0

Firefox 3.0.3

1.6.0_14

Internet Explorer 7.0 and 8.0

4.5.2.0
4.5.1.0
4.5.0.0

4.7(0)

2.3.0.0/ 2.2.2.0

4.7.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_14

Internet Explorer 7.0 and 8.0

4.5.2.0
4.5.1.0
4.5.0.0

4.6(1)

2.3.0.0/ 2.2.2.0

4.6.0

2.3.0.0/ 2.2.2.0

Firefox 3.0.3

1.6.0_14

Internet Explorer 7.0 and 8.0

¹Cisco NAC Appliance does not support "starter" editions of Windows operating systems.

²The Clean Access Agent only fully supports authentication/posture assessment/remediation on 32-bit operating systems. Any client OS not listed is not supported, even if the Agent can be installed on the client (e.g. Embedded XP is not supported).

³Web login is not supported on 64-bit versions of Internet Explorer.

⁴ActiveX is only supported on the Internet Explorer browser.

⁵Java version 1.5 is the minimum version required for Java Applet support.

⁶The temporal Cisco NAC Web Agent can be launched from the Web Login Facilitator using ActiveX from the Internet Explorer versions or via Java applet from the web browsers listed as supported for Windows systems.

⁷Agent (4.1.3.0 or later) login to Windows 2000 system with Local DB authentication to CAM and requirements configured requires a system restart. See the Release Notes for Cisco NAC Appliance, Version 4.5 for details.

⁸Includes all Vista operating systems (Business, Home, Ultimate, Enterprise), both Service Pack1 and Service Pack 2.

⁹Clean Access Agent/Cisco NAC Web Agent support authentication only on 64-bit Windows systems. The Agent does not perform posture assessment or Nessus scanning. To support x64 Windows, the CAM/CAS/Agent must all be running same release (e.g. 4.5/4.5.0.0).

Cisco NAC Appliance Agent/AD Server Compatibility for AD SSO

Cisco NAC Appliance supports Windows Single Sign-On (SSO) on Windows 7/Vista/XP/2000 client machines and Active Directory on Windows 2000/2003/2008 Servers, as shown in Table 7.

Note 64-bit versions of Windows Server 2008 are not supported.

Cisco NAC Web Agent does not support SSO functions.

Table 7 Cisco NAC Appliance Support for Windows Active Directory SSO

CAM/CAS Version

Active Directory (AD) Servers ¹

ktpass.exe Version Required

Client Machines ²

FIPS 140-2 Compliant

4.7(0)

Windows 2008 Server Enterprise SP1³^{, ⁴}

6.0.6001.18000

Windows Vista ⁵

Non-FIPS

4.7(1)

•Windows 2008 Server Enterprise SP1 (32-bit)

•Windows 2008 Server Enterprise SP2 (32- and 64-bit)

•Windows 2003 Enterprise SP1

•Windows 2003 Enterprise R2 SP2

•Windows 2003 Standard SP1

6.0.6001.18000

6.0.6002.18005

•Windows 7 Professional

•Windows 7 Ultimate

•Windows 7 Enterprise

•Windows 7 Home Premium

•Windows 7 Home Basic

•Windows Vista ⁵

•Windows XP

•Windows 2000 SP4

4.7
4.6(1)
4.5(x)
4.1(8)
4.1(6)
4.1(3)+

•Windows 2000 Server SP4

•Windows 2003 Enterprise SP1

•Windows 2003 Enterprise R2 SP2

•Windows 2003 Standard SP1 ⁶

5.2.3790.0

•Windows Vista

•Windows XP Professional SP2, SP3

•Windows 2000 SP4

4.7
4.6(1)
4.5(1)
4.1(8)

Windows 2008 Server Enterprise SP1 ³

6.0.6001.18000

¹ 64-bit versions of Windows 2003 Enterprise are not supported.

²AD SSO requires the Cisco NAC Agent to be installed on client systems (for example, you cannot use a Linux Kerberos client for AD SSO with Cisco NAC Appliance.)

³Single Domain AD SSO is supported on Windows 2008 Enterprise SP1. Windows 2008 Server Standard has not been tested. 64-bit versions of Windows Server 2008 are not supported.

⁴To support AD SSO on the Windows 2008 server, you must:
- Apply Microsoft Windows Hotfix KB951191 (http://support.microsoft.com/kb/951191)
- Use the native Windows 2008 KTPass tool
- (Optional) Issue the KTPass command using a slash (/) instead of a dash (-), as instructed in the Microsoft TechNet support page (http://technet.microsoft.com/en-us/library/cc753771.aspx) The following illustrates an example command:
C:\Program Files\Support Tools> ktpass.exe /princ sanac/TestAD01.testdom.com@TESTDOM.COM /mapuser sanac /pass 123456sS /out c:\casuser.keytab /ptype KRB5_NT_PRINCIPAL +DesOnly

For additional information, refer to the "Configuring Active Directory Single Sign-On (AD SSO)" chapter of the Cisco NAC Appliance - Clean Access Server Configuration Guide, Release 4.7(1). See also caveat CSCsy45780 for further details.

⁵Users logging into Cisco NAC Appliance via AD SSO must be running Windows Vista and have the latest Cisco NAC Agent (version 4.7.1.15) installed on their client machine in order to remain FIPS-compliant. Windows XP clients performing AD SSO do not conform to FIPS 140-2 compliance requirements.

⁶Windows 2003 Standard without SP1 is not supported.

Cisco NAC Agent Localized Language Support

Cisco NAC Agent version 4.6.2.113 and later provides native localization support of user-facing dialog text and messages. The Agent determines the correct language template based on the local computer Locale (under Control Panel > Regional and Language Options), unless you explicitly disable this function by setting the "Locale" parameter in the Agent configuration XML file. The Agent also provides MultiByte Character Support (MBCS) for posture assessment and remediation on "double-byte" language operating systems. The following languages are supported:."

Catalan

English

Italian

Serbian (Cyrillic)

Chinese (Simplified)

Finnish

Japanese

Serbian (Latin)

Chinese (Traditional)

French

Korean

Spanish

Czech

French Canadian

Norwegian

Swedish

Danish

German

Portuguese

Turkish

Dutch

Hungarian

Russian

Note If you use the latest version of the Cisco NAC Agent, but leave your CAM/CAS at release 4.5(1) or earlier, Agent connect-time information (e.g. remediation requirement names and descriptions) are English-only—users lose the advantage of the native operating system localization support available to Cisco NAC Agent users who are logging in to a 4.6(1) and later CAM/CAS network.

Clean Access Agent Localized Language Template Support

The Clean Access Agent determines the correct language template based on the local computer Locale (under Control Panel > Regional and Language Options). Agent language template support only controls what the viewer sees after the Agent is installed; it does not include support for different client operating systems for the Agent Installer or for AV/AS products.

Version 4.5.x.x of the Clean Access Agent supports the following localized language templates:

Catalan

Finnish

International English

Serbian

Czech

French

Italian

Spanish

Danish

French (Canada)

Norwegian

Swedish

Dutch

German

Portuguese

Turkish

English

Hungarian

Russian

Note For the Russian localized template, the Agent must run on Russian Windows to be able display all characters correctly.

Supported OS Locales

All languages supported for language templates are also supported for OS Locales. Japanese is also supported as an OS Locale. With OS Locale support, the Clean Access Agent installs/authenticates on the Windows language version (e.g. German Windows or Japanese Windows) but displays all information and instructions in English.

Note For details on the Clean Access Agent for Release 4.1(x) and earlier, refer to Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access).