https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178599#M788294 <P>Hello, </P><P></P><P>Could I have some help in placing CAS and CAM servers in my existing topology :).</P><P>Indeed I want to verify the conformity of Remote users(Connected Via VPN) to my inside servers by NAC, but I have some difficult in placing them.</P><P>Is it possible to configure the CAS in VGW mode?</P><P></P><P>please view the topology in attachement.</P><P></P><P>regards/.</P><P></P><P> </P><P></P> Fri, 21 Feb 2020 11:29:17 GMT i.ennassiri 2020-02-21T11:29:17Z https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178599#M788294 <P>Hello, </P><P></P><P>Could I have some help in placing CAS and CAM servers in my existing topology :).</P><P>Indeed I want to verify the conformity of Remote users(Connected Via VPN) to my inside servers by NAC, but I have some difficult in placing them.</P><P>Is it possible to configure the CAS in VGW mode?</P><P></P><P>please view the topology in attachement.</P><P></P><P>regards/.</P><P></P><P> </P><P></P> Fri, 21 Feb 2020 11:29:17 GMT https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178599#M788294 i.ennassiri 2020-02-21T11:29:17Z https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178600#M788301 <HTML><HEAD></HEAD><BODY><P>is there a network (with servers or PC's) that sits between the front and back firewalls? I don't often see designs like this with back to back firewalls.</P><P></P><P>What type of vpn/fw device sits closest to your ISP router?</P><P></P><P>you will have to configure the CAS in an in-band mode, either L3 or VGW.</P></BODY></HTML> Fri, 29 May 2009 13:41:43 GMT https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178600#M788301 srue 2009-05-29T13:41:43Z https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178601#M788304 <HTML><HEAD></HEAD><BODY><P>1/The FW that is closest to the ISP router is an ASA5550.the back FW is a fortinet.</P><P>The front FW is used as a VPN server, and there is a 2 DMZ, one for AAA Server, AD, CA Server. and the other is for Web servers.</P><P></P><P>The back firewall is used to protect mission critical servers, and other networks connected to it.</P><P>2/The network that I want to protect using NAC is a set of servers that will be accessed by VPN users.</P><P></P><P>Where should I place the CAM and CAS servers.</P><P></P><P>Regards/.</P><P></P></BODY></HTML> Fri, 29 May 2009 14:18:25 GMT https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178601#M788304 i.ennassiri 2009-05-29T14:18:25Z https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178602#M788313 <HTML><HEAD></HEAD><BODY><P>Hello Ismail,</P><P> The Auth DMZ looks like a suitable zone to place NAM. </P><P> Couple of questions, Im no pro in Fortinet, can you do source routing with it? Is the inside switch a L3 switch?</P><P></P><P>Regards</P></BODY></HTML> Mon, 01 Jun 2009 00:43:57 GMT https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178602#M788313 Alan Huseyin Kayahan 2009-06-01T00:43:57Z https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178603#M788327 <HTML><HEAD></HEAD><BODY><P>the inside switch is a catalyst 3560, it supports L3.</P><P>so for the CAS , where I can place it? Can I configure it as Virtual gateway?</P><P></P><P>Regards</P></BODY></HTML> Mon, 01 Jun 2009 06:51:47 GMT https://community.cisco.com/t5/network-security/nac-implementation/m-p/1178603#M788327 i.ennassiri 2009-06-01T06:51:47Z