NAC In-Band Deployment for Wireless and VPN

mrahman0302
Level 1

Hi,

I am trying to configure In-Band VG for wireless and VPN users. I have already configured the NAC for wireless users. My switch configuration for wireless is as follows:

interface GigabitEthernet6/25
 description NAC Server (IB - WLAN) - Trusted Intf ETH0
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 997
 switchport trunk allowed vlan 100,200,400,692
 switchport mode trunk
!
interface GigabitEthernet6/26
 description NAC Server (IB - WLAN) - UnTrusted Intf ETH1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 996
 switchport trunk allowed vlan 616-618
 switchport mode trunk
!
interface Vlan692
 description NAC SRV (IB) Management VLAN
 ip address 10.1.6.25 255.255.255.248

My question is: what do I need to create on the switch for VPN users? I appreciate your expert help.

Thanks

9 Replies

Daniel Laden
Level 4

You will implement VPN as you would without CAS. The important element is that the private side of the VPN is the untrusted side of the CAS.

Review these documents:

Integrating with Cisco VPN Concentrators

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/45/cas/s_vpncon.html

CCA Chalk Talks

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_presentation0900aecd80549168.html

Can you deploy NAC in-band mode for wireless using a WLC? If so, which paper do you recommend for doing so?

Another question: can Wireless OOB NAC be integrated in a scheme with Single Sign-On (RADIUS server)? Some documents say it can (using an option similar to that used with VPNs), but others say no. If it is possible, could you provide me with that documentation? Thanks.

One last question: in a LAN environment using NAC OOB Virtual Gateway mode, is Single Sign-On supported?

Juan,

Yes, that is supported.

HTH,

Faisal

Which of my questions is that the answer to? I asked you 3 questions, so I don't know which one. Could you be a bit more specific?

Juan,

Sorry. Should have been more specific. I was answering the query you had: "One last question: in a LAN environment using NAC OOB Virtual Gateway mode, is Single Sign-On supported?"

Yes, that is supported.

HTH,

Faisal

I had a doubt about the implementation of NAC: I want to implement NAC OOB on a wired network using Cisco switches, and a wireless network on a single WLC using CAS. Is it possible and advisable to do this implementation? If so, is there some guidance?

Hi Faisal, I had another question: in a NAC VPN implementation in VG in-band or Real-IP Gateway mode, is it possible to place an L2 switch between the Cisco ASA and the CAS?

I look forward to your help, thanks.
