11-04-2013 04:31 AM - edited 03-10-2019 09:03 PM
Hello Experts,
We want to implement NAC/ISE for remote access users (terminating on Cisco ASA or IOS Routers), through NAC/ISE we want to know whether the users coming through the VPN ...
- using company given laptops
- have required softwares (anti-virus etc) installed and upto date
Thanks
11-04-2013 06:00 AM
By using an ISE Inline Posture Node (IPN), you can posture the clients connecting through VPN to your network. You can set up Posture rules and Remediation sites for the software requirements.
Using the Profiling service, you can also determine the device from which they are connecting. You could go so far as to create rulesets based upon MAC addresses so that when a company-owned device is connected specific access can be granted.
Note that the IPN for the ISE must be a physical appliance (not a Virtual Node) and that you will need an Advanced Services License to enable posturing and profiling.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton
11-04-2013 06:32 AM
Thanks Charles for the reply...
Does NAC has the same provisioning.
And how would we configure the ASA/IOS devices to send the traffic to the NAC appliance to validate the posture before accssing any other device in the network?
Thanks...
11-05-2013 06:19 AM
The NAC Appliance does have some of the same posture validation elements to it. Using the NAC Server with the NAC Agent will give you the results you are looking for, I believe.
The NAC Guest Server will make this process more streamlined for your users, if you decide to go the NAC route. You can read more about it here:
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton
11-05-2013 06:13 AM
Well answered by Charles.
You can check the below link for step by step configuration of IPN:
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_ipep_deploy.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide