Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
680
Views
4
Helpful
4
Replies

posture validation of RemoteAccess VPN users

Waseem Memon
Level 1
Level 1

‎11-04-2013 04:31 AM - edited ‎03-10-2019 09:03 PM

Hello Experts,

We want to implement NAC/ISE for remote access users (terminating on Cisco ASA or IOS Routers), through NAC/ISE we want to know whether the users coming through the VPN ...

- using company given laptops

- have required softwares (anti-virus etc) installed and upto date

Thanks

Labels:
0 Helpful
4 Replies 4

Charlie Moreton
Cisco Employee
Cisco Employee

‎11-04-2013 06:00 AM

By using an ISE Inline Posture Node (IPN), you can posture the clients connecting through VPN to your network.  You can set up Posture rules and Remediation sites for the software requirements. 

Using the Profiling service, you can also determine the device from which they are connecting.  You could go so far as to create rulesets based upon MAC addresses so that when a company-owned device is connected specific access can be granted.

Note that the IPN for the ISE must be a physical appliance (not a Virtual Node) and that you will need an Advanced Services License to enable posturing and profiling.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

Waseem Memon
Level 1
Level 1
In response to Charlie Moreton

‎11-04-2013 06:32 AM

Thanks Charles for the reply...

Does NAC has the same provisioning.

And how would we configure the ASA/IOS devices to send the traffic to the NAC appliance to validate the posture before accssing any other device in the network?

Thanks...

0 Helpful

Charlie Moreton
Cisco Employee
Cisco Employee
In response to Waseem Memon

‎11-05-2013 06:19 AM

The NAC Appliance does have some of the same posture validation elements to it.  Using the NAC Server with the NAC Agent will give you the results you are looking for, I believe.

The NAC Guest Server will make this process more streamlined for your users, if you decide to go the NAC route.  You can read more about it here:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/product_data_sheet0900aecd802da1b5.html

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

0 Helpful

aqjaved
Level 3
Level 3

‎11-05-2013 06:13 AM

Well answered by Charles.

You can check the below link for step by step configuration of IPN:

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_ipep_deploy.html

0 Helpful
Customers Also Viewed These Support Documents
Top