cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
576
Views
0
Helpful
6
Replies

VPN 3030 Concentrator -- Antivirus

r-tyrell
Level 1
Level 1

Is there a way to configure the 3030 to require a client to have antivirus software?

Thanks

6 Replies 6

Trickster
Level 1
Level 1

Err, no there ain't. However, if you use something like iPass (www.ipass.com) for your internet connection, that can check for the presence of AV and PFW's before allowing a connection to the Internet and subsequently to the 3030.

Try zone labs integrity server. It looks to AV and it also does policy based gateway enforcement. Have been using it for about 1 monh now. Not bad...

gfullage
Cisco Employee
Cisco Employee

Yes definately. The VPN client (from 3.6 onwards) also actually has a firewall built into it, which you can leave turned on even if the VPN client isn't running.

Other than that, you can configure the concentrator group to require that the client has anti-virus software running before it will establish a connection. We currently support (as of 4.0) BlackIce, ZoneAlarm, ZA Pro, ZA Integrity, Sygate PFW, Sygate PFW Pro, Sygate Security Agent and Cisco Security Agent.

Check the Client FW tab under the group on the concentrator, the online help has all the info you need to configure it (you don't need to do anything on the client specifically other than have the appopriate firewall SW running).

Thanks for the reply. We currently run Symantec Corporate Edition. Any plans to support Symantec in the future?

I've looked for the option to specify antivirus requirement for vpn users before they connect, but cannot find it. You have a link for this?

thx in advance...POH

Cisco is releasing NAC soon. (network access control) NAC will have a client app called the Trust Agent. The next hop router inside the network can make sure the end client conforms to specifications (app versions, anti-virus client, etc) before routing the traffic from that client by communicating with the Trust Agent.

I'm sure they'll probably update the VPN concentrator to interact direclty with the Trust Agent as well as it makes obvious sense to do so.