NAC high avialabilty

Answered Question
Feb 7th, 2010
User Badges:

my teamleader give me a task to impliment NAC in an enterprise nertwork solution :

the solution contains wireless system using wireless LAN controller, VPN over WAN ,  reduendancy for every device .

1. i want to impliment NAC manager high availabilty and NAC server high avilabilty  from the istallation guide i found many senerios

2. i want  impliment the NAC server INband  what recomendations layer 2 or layer 3 implimentaions

3. i saw in the installation guide that in NAC high avialabilt use serial cabel  and no info about it


thank you for your help

Correct Answer by wkamil123 about 7 years 3 months ago

Why not?

On which device are you terminated IPSec tunnels? It's a Cisco ASA?

So, you can easily add to the CAM Cisco ASA as a VPN concentrator. Furthermore, you can deploy VPN SSO, if you have on the network environment Microsoft Active Directory server.


Kamil,

Correct Answer by wkamil123 about 7 years 3 months ago

Hi,


The best solution for you is to deploy CCA in a L3 OOB central deployment mode. Local users will be connected to CAS in L2 OOB.

In future you can easily deploy NAC at the branche offices.

Looking for your network scheme, you must connect CAM and CAS to switchs WS-C4509-E.

CAM and CAS are using serial cable as a null modem, you can use it but it's not necessary if you connected two CAMs through crossover ethernet cable.


Kamil,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
wkamil123 Mon, 02/08/2010 - 02:31
User Badges:

Hi,


The best solution for you is to deploy CCA in a L3 OOB central deployment mode. Local users will be connected to CAS in L2 OOB.

In future you can easily deploy NAC at the branche offices.

Looking for your network scheme, you must connect CAM and CAS to switchs WS-C4509-E.

CAM and CAS are using serial cable as a null modem, you can use it but it's not necessary if you connected two CAMs through crossover ethernet cable.


Kamil,

wael.kamal Mon, 02/08/2010 - 04:28
User Badges:

i think L3OOBand deploment  will not work with IPSEC VPN and there are some  clients using  cisco VPN client

Correct Answer
wkamil123 Mon, 02/08/2010 - 08:01
User Badges:

Why not?

On which device are you terminated IPSec tunnels? It's a Cisco ASA?

So, you can easily add to the CAM Cisco ASA as a VPN concentrator. Furthermore, you can deploy VPN SSO, if you have on the network environment Microsoft Active Directory server.


Kamil,

Actions

This Discussion