NAC-L3-IP for LAN (not VPN) on an ASA5500, similar to IOS firewall?

jasonhumes
Level 1

Hi

So I've got NAC-L3-IP working on my Cisco 1800 IOS firewall/router through the use of:

    aaa authentication eou default group radius
    ip admission name secureLAN eapoudp inactivity-time 60 list 102
    interface FastEthernet1.50
     encapsulation dot1Q 50
     ip address 10.1.10.1 255.255.255.0
     ip access-group inside in
     ip helper-address 192.168.199.100
     ip inspect default in
     ip admission secureLAN

And I'm trying to get the same working on an ASA5520 running 7.2(3).

So, I've found out how to configure NAC on the ASA5500 for remote access VPN connections, but not LAN connections. Is this not possible on the ASA5500 like on an IOS firewall? Thanks

Jason

2 Replies

hadbou
Level 5

Network Admission Control (NAC) protects the enterprise network from intrusion and infection from worms, viruses, and rogue applications by performing endpoint compliancy and vulnerability checks as a condition for production access to the network.

Refer to the following URL for more info on configuring NAC with ASA 7.2:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnnac.html

Hi

That link you provided details configuring NAC on remote access VPN connections, which I've got working no problem... what I'd like to do is have NAC applied to outbound LAN connections, like what is possible with a router.

Is this not possible? Thanks.

Jason