Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
513
Views
3
Helpful
3
Replies

VPN 3005 End-Point Security?

zentech-admin
Level 1
Level 1

‎01-12-2005 10:54 AM

All:

I recently saw a Nortel Contivity VPN in action. It comes with TunnelGuard software that requires an end-user to first have updated Antivirus Software, as well as updated AV definition files.

Apparently that is Nortel proprietary software that ships with it's VPN boxes.

What do you recommend I use for my Cisco VPN 3005 unit? Does it already have some sort of built-in end-point security verification in place? I assume not. Any recommendations?

Thank you.

Labels:
0 Helpful
3 Replies 3

travis-dennis_2
Level 7
Level 7

‎01-12-2005 02:08 PM

Network Admission Control (NAC) is currently in beta testing for the VPN Concentrator series. With this version of code on the Concentrator, ACS 3.3 and a few other components (I think) you will be able to restrict network admission via VPN on the 3000 series. This can check for OS patch levels, AV definition dates, etc. I have no date for availability.

What you can do as of right now is specify that a software firewall service is running. Something like the Cisco Security Agent, Black ICE, Zone Alarm, Sygate or a custom solution. The 3000 will make sure this is running before allowing connectivity. Not quite as robust as NAC but it is better than nothing.

Hope this helps.

Please remember to rate all replies

0 Helpful

zentech-admin
Level 1
Level 1
In response to travis-dennis_2

‎01-13-2005 05:27 AM

In addition to specifying that a software firewall service is running, can I specify that an updated AV client is also running?

What about ZoneLabs/CheckPoint Integrity? It's suppose to integrate well with Cisco 3000 series VPN boxes, and will verify and allow access to end points only when an updated AV is available etc.

0 Helpful

travis-dennis_2
Level 7
Level 7
In response to zentech-admin

‎01-13-2005 09:08 AM

You won't find Integrity listed as one of your choices but what you CAN do is specify a custom firewall and reference Integrity or any other installed software.

This is configurable under Configuration | User Management | Groups | Modify

then select your group that you want this to apply to then select Client Firewall.

Should be downhill from there

Please remember to rate all replies

Customers Also Viewed These Support Documents