NAC In-Band Deployment for Wireless and VPN

Unanswered Question
Nov 19th, 2008

Hi,


I am trying to configure In-Band VG for wireless and VPN users. I have already configured the NAC for wireless users. My switch configuration for wireless is as follows:

interface GigabitEthernet6/25
 description NAC Server (IB - WLAN) - Trusted Intf ETH0
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 997
 switchport trunk allowed vlan 100,200,400,692
 switchport mode trunk
!
interface GigabitEthernet6/26
 description NAC Server (IB - WLAN) - UnTrusted Intf ETH1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 996
 switchport trunk allowed vlan 616-618
 switchport mode trunk
!
interface Vlan692
 description NAC SRV (IB) Management VLAN
 ip address 10.1.6.25 255.255.255.248


My question is: what do I need to create on the switch for VPN users? I appreciate your expert help.


Thanks



Daniel Laden Wed, 11/19/2008 - 13:43
User Badges:
  • Cisco Employee,

You will implement VPN as you would without CAS. The important element is that the private side of the VPN is the untrusted side of the CAS.


Review these documents:


Integrating with Cisco VPN Concentrators

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/45/cas/s_vpncon.html


CCA Chalk Talks

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_presentation0900aecd80549168.html



juancarlosorellana Wed, 01/06/2010 - 08:26

Can you deploy NAC in-band mode for wireless using a WLC? If so, which paper do you recommend for doing

juancarlosorellana Wed, 01/06/2010 - 09:02

Another question, can be integrated in a scheme using Wireless OOB NAC with Single Sign On (RADIUS Server), as documents said that some details (using an option similar to that used with VPNs), but others say no, if it is possible that documentation you can provide me, thanks.

juancarlosorellana Wed, 01/06/2010 - 09:24

one last question in a LAN environment using NAC OOB Virtual Gateway mode is supported Single Sign On?

Faisal Sehbai Wed, 01/06/2010 - 11:51
User Badges:
  • Gold, 750 points or more

Juan,


Yes, that is supported.


HTH,

Faisal

juancarlosorellana Wed, 01/06/2010 - 12:05

That is the answer to which of my questions? Of which is not because I made you 3 questions, not whether it can be a bit more specific

Faisal Sehbai Wed, 01/06/2010 - 12:08
User Badges:
  • Gold, 750 points or more

Juan,


Sorry. Should have been more specific. I was answering for the query you had: "one last question in a LAN environment using NAC OOB Virtual Gateway mode is supported Single Sign On?"


Yes, that is supported.


HTH,

Faisal

juancarlosorellana Fri, 01/08/2010 - 09:17

  I had a doubt about the implementation of NAC because NAC OOB desire to implement a wired network using Cisco switches and a wireless network in a single WLC using CAS, it is possible and advisable to do this implementation, if so there is some guidance?

juancarlosorellana Tue, 05/11/2010 - 10:04

Hi Faisal, had other questions: in a NAC VPN implementation in VG band or Real IP gateway, is it possible to place an L2 switch between Cisco ASA and CAS?



I hope for your help, thanks.
