NAC Design Issue

Unanswered Question
Jan 15th, 2009

Dear All,

We will use CAS 1 for Local users (wired/wireless) as L2 OOB virtual GW.

We will use CAS 2 for VPN users as L3 In-band virtual GW with VPN router.

Now we have one remote site connecting to our ASA DMZ and other remote sites connecting to our WAN router to access our resources.

So can I use existing CAS1 or 2 for these two entry points?

drienties Thu, 01/15/2009 - 05:14

Just for clarification, I attached a quick sketchup. Is this somewhat the topology you had in mind?

If so, then you should be able to use CAS 2 for the ASA and WAN router. The NAC agents installed in the remote locations should have a discovery host in the trusted network, and you have to force the incoming traffic through the CAS. But it should be possible as far as I can see.

The only thing to keep in mind is the 1Gbit throughput limit on the CAS; depending on the amount of traffic coming from remote sites and VPN users, it may or may not be an issue.
