cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
514
Views
3
Helpful
3
Replies

VPN 3005 End-Point Security?

zentech-admin
Level 1
Level 1

All:

I recently saw a Nortel Contivity VPN in action. It comes with TunnelGuard software that requires an end-user to first have updated Antivirus Software, as well as updated AV definition files.

Apparently that is Nortel proprietary software that ships with it's VPN boxes.

What do you recommend I use for my Cisco VPN 3005 unit? Does it already have some sort of built-in end-point security verification in place? I assume not. Any recommendations?

Thank you.

3 Replies 3

travis-dennis_2
Level 7
Level 7

Network Admission Control (NAC) is currently in beta testing for the VPN Concentrator series. With this version of code on the Concentrator, ACS 3.3 and a few other components (I think) you will be able to restrict network admission via VPN on the 3000 series. This can check for OS patch levels, AV definition dates, etc. I have no date for availability.

What you can do as of right now is specify that a software firewall service is running. Something like the Cisco Security Agent, Black ICE, Zone Alarm, Sygate or a custom solution. The 3000 will make sure this is running before allowing connectivity. Not quite as robust as NAC but it is better than nothing.

Hope this helps.

Please remember to rate all replies

In addition to specifying that a software firewall service is running, can I specify that an updated AV client is also running?

What about ZoneLabs/CheckPoint Integrity? It's suppose to integrate well with Cisco 3000 series VPN boxes, and will verify and allow access to end points only when an updated AV is available etc.

You won't find Integrity listed as one of your choices but what you CAN do is specify a custom firewall and reference Integrity or any other installed software.

This is configurable under Configuration | User Management | Groups | Modify

then select your group that you want this to apply to then select Client Firewall.

Should be downhill from there

Please remember to rate all replies