Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
367
Views
0
Helpful
1
Replies

NAC vs ASA Built-in Feature

mcroft
Level 1
Level 1

‎12-11-2008 04:04 AM - edited ‎02-21-2020 03:09 AM

Hi,

I am looking a secure solution for around 25 users - to remote access into our datacentre.

Obvioudly a secure tunnel is needed (SSL/Ipsec), BUT ALSO, i want a solution to provide 'posture assesment' of sorts.

Now, NAC is very expensive for this small type of smallish network.

I have been looking at the ASA55** feature "Pre-Connection Posture Assessment" with the Cisco Secure Desktop :-

It offers "Host integrity verification checking seeks to detect the presence of antivirus software, personal firewall software, and Windows service packs on the endpoint system prior to granting network access."

I think this is PERFECT !!

Can anyone please tell me how this differs from NAC and would it survice ??

Thank you.

P.S I intend to use the IPS module too, to ensure data passing the ASA will be "scrubed" clean.

0 Helpful
1 Reply 1

Farrukh Haroon
VIP Alumni
VIP Alumni

‎12-14-2008 03:06 AM

The Cisco Secure Desktop feature is only available with SSL VPNs, and not with IPSEC. If you plan to use ONLY SSL VPNs then CSD is a reasonable solution for small setups.

For IPSEC endpoints you need to go with NAC.

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card