Cisco Support Community
Community Member

Cisco NAC question

Is it possible to provide limited privilege to a remote user based on results from Cisco remote agent? i.e., let's say the remote machine does not have the right antivirus, therefore I only want to give them read access from corporate DMZ. No write privilege. Is something like this possible?

Community Member

Re: Cisco NAC question

You could give the quarantined role http/https access to your DMZ, for example, but unless the applications require different ports there is no way I know of to say the port is OK but what they do on the port is not. If write access is scp or ftp, however, this would work, as the quarantined role is not allowed to go to the DMZ on ftp or scp ports in this scenario.

In the case of web servers where you want to let everyone access the web but you only want those that pass posture assessment to ftp or scp new files to the servers, this would probably fit.
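The per-role port filtering described in the reply above can be modelled as follows. This is an added example, not part of the original reply and not Cisco NAC configuration; the role names, the DMZ range (192.0.2.0/24) and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration (not from the thread).
DMZ = ipaddress.ip_network("192.0.2.0/24")   # documentation range standing in for the DMZ
HTTP, HTTPS, FTP, SSH = 80, 443, 21, 22      # scp runs over SSH (22); only the FTP control port is modelled

# Per-role rules, first match wins; anything unmatched is denied.
# Each rule: (action, destination network, set of TCP destination ports)
POLICIES = {
    "quarantine": [("allow", DMZ, {HTTP, HTTPS})],            # failed posture check
    "compliant":  [("allow", DMZ, {HTTP, HTTPS, FTP, SSH})],  # passed posture check
}

def decide(role, dst_ip, dst_port):
    """Return 'allow' or 'deny' for a TCP flow from a user in `role`."""
    addr = ipaddress.ip_address(dst_ip)
    for action, net, ports in POLICIES.get(role, []):
        if addr in net and dst_port in ports:
            return action
    return "deny"  # default deny, which also covers unknown roles

def decide_request(role, dst_ip, dst_port, http_method=None):
    """Decision for an application request. The method is accepted but
    deliberately ignored: a port filter never sees it, so a GET and a PUT
    on an allowed port receive the same answer."""
    return decide(role, dst_ip, dst_port)

if __name__ == "__main__":
    # Constructed sample flows: (role, destination, port, HTTP method or None)
    flows = [
        ("quarantine", "192.0.2.10", HTTPS, "GET"),
        ("quarantine", "192.0.2.10", HTTPS, "PUT"),  # write over an allowed port
        ("quarantine", "192.0.2.10", FTP, None),
        ("quarantine", "192.0.2.10", SSH, None),
        ("compliant",  "192.0.2.10", SSH, None),
    ]
    for role, ip, port, method in flows:
        print(f"{role:10} -> {ip}:{port:<4} {method or '-':4} {decide_request(role, ip, port, method)}")
```

The second sample flow shows the limitation the reply points out: if the web application itself accepts writes over http/https, the port rule cannot block them, so that restriction has to be enforced on the server.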
