Cisco NAC question

Jun 17th, 2009

Is it possible to provide limited privilege to a remote user based on results from the Cisco remote agent? I.e., let's say the remote machine does not have the right antivirus, therefore I only want to give them read access from the corporate DMZ. No write privilege. Is something like this possible?

greg.washburn Wed, 06/17/2009 - 09:39

You could give the quarantined role http/https access to your DMZ, for example, but unless the applications require different ports there is no way I know of to say the port is OK but what they do on the port is not. If write access is scp or ftp, however, this would work, as the quarantined role is not allowed to go to the DMZ on ftp or scp ports in this scenario.

In the case of web servers where you want to let everyone access the web but you only want those that pass posture assessment to ftp or scp new files to the servers, this would probably fit.

