We have about 20 remote branch offices. Office size varies from as small as 2 users per office to as large as 30 users per office. Each office has either a Cisco 1801 or 1841 router that we manage. These routers basically provide DHCP, NAT, and firewall services for the client computers, and all traffic simply goes out to various ISPs that provide the network for these offices. All computers at these offices are connected to non-Cisco, unmanaged switches, which are connected to our routers. We have no control over the end users' computers at these offices, and these users do not access any network resources at headquarters. We merely provide internet access for these offices.
I have been reading about NAC, such as in-band vs. out-of-band, virtual gateway vs. real IP gateway, Layer 2 vs. Layer 3, but I am not sure how to go about it.
What do you think the most cost-effective approach to implement NAC is in this environment?