NAC-L3-IP for LAN (not VPN) on an ASA550, similar to IOS firewall?

Unanswered Question
Jun 23rd, 2008


So I've got NAC-L3-IP working on my Cisco 1800 IOS firewall/router through the use of:

aaa authentication eou default group radius
ip admission name secureLAN eapoudp inactivity-time 60 list 102

interface FastEthernet1.50
 encapsulation dot1Q 50
 ip address
 ip access-group inside in
 ip helper-address
 ip inspect default in
 ip admission secureLAN

And I'm trying to get the same working on an ASA5520 running 7.2(3).

So, I've found out how to configure NAC on the ASA5500 for remote access VPN connections, but not LAN connections. Is this not possible on the ASA5500 like on an IOS firewall? Thanks


hadbou Fri, 06/27/2008 - 02:40

Network Admission Control (NAC) protects the enterprise network from intrusion and infection from worms, viruses, and rogue applications by performing endpoint compliancy and vulnerability checks as a condition for production access to the network.

Refer to the following URL for more info on configuring NAC with ASA 7.2:

jasonhumes Fri, 06/27/2008 - 04:00


That link you provided details configuring NAC on remote access VPN connections, which I've got working no problem...what I'd like to do is have NAC applied to outbound LAN connections, like what is possible with a router.

Is this not possible? Thanks.


