02-07-2010 11:37 PM - edited 02-21-2020 03:52 AM
my teamleader give me a task to impliment NAC in an enterprise nertwork solution :
the solution contains wireless system using wireless LAN controller, VPN over WAN , reduendancy for every device .
1. i want to impliment NAC manager high availabilty and NAC server high avilabilty from the istallation guide i found many senerios
2. i want impliment the NAC server INband what recomendations layer 2 or layer 3 implimentaions
3. i saw in the installation guide that in NAC high avialabilt use serial cabel and no info about it
thank you for your help
Solved! Go to Solution.
02-08-2010 02:31 AM
Hi,
The best solution for you is to deploy CCA in a L3 OOB central deployment mode. Local users will be connected to CAS in L2 OOB.
In future you can easily deploy NAC at the branche offices.
Looking for your network scheme, you must connect CAM and CAS to switchs WS-C4509-E.
CAM and CAS are using serial cable as a null modem, you can use it but it's not necessary if you connected two CAMs through crossover ethernet cable.
Kamil,
02-08-2010 08:01 AM
Why not?
On which device are you terminated IPSec tunnels? It's a Cisco ASA?
So, you can easily add to the CAM Cisco ASA as a VPN concentrator. Furthermore, you can deploy VPN SSO, if you have on the network environment Microsoft Active Directory server.
Kamil,
02-08-2010 02:31 AM
Hi,
The best solution for you is to deploy CCA in a L3 OOB central deployment mode. Local users will be connected to CAS in L2 OOB.
In future you can easily deploy NAC at the branche offices.
Looking for your network scheme, you must connect CAM and CAS to switchs WS-C4509-E.
CAM and CAS are using serial cable as a null modem, you can use it but it's not necessary if you connected two CAMs through crossover ethernet cable.
Kamil,
02-08-2010 04:28 AM
i think L3OOBand deploment will not work with IPSEC VPN and there are some clients using cisco VPN client
02-08-2010 08:01 AM
Why not?
On which device are you terminated IPSec tunnels? It's a Cisco ASA?
So, you can easily add to the CAM Cisco ASA as a VPN concentrator. Furthermore, you can deploy VPN SSO, if you have on the network environment Microsoft Active Directory server.
Kamil,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide