09-13-2006 07:15 AM - edited 02-21-2020 01:10 AM
Hi,
Can someone tell me how to configure this on a pix.
thanks
09-13-2006 07:31 AM
???
09-13-2006 07:42 AM
I have read that there is a feature called Are you there . This actually checks in the client computer for specific software and services and then only makes a vpn connection.
any idea ?
thanks
09-13-2006 08:02 AM
The feature you are looking for is called NAC (network admission controll). As far as I remember it is available on PIX with then new 7.2 release of PIX OS.
10-09-2006 09:31 PM
Pls elaborate on the question.
09-13-2006 10:19 AM
Raj,
Does PIX 7.0 support the Are You There (AYT) feature?
A. Yes. In an AYT scenario, a remote user has a personal firewall installed on the PC. The VPN Client enforces the firewall policy defined on the local firewall, and it monitors that firewall to make sure that is runs. If the firewall stops running, the VPN Client drops the connection to the PIX or ASA. This firewall enforcement mechanism is called Are You There (AYT), because the VPN Client monitors the firewall by sending it periodic "are you there?" messages. If no reply comes, the VPN Client knows the firewall is down and terminates its connection to the PIX Security Appliance. The network administrator might configure these PC firewalls originally, but with this approach, users can customize their own configurations.
Please refer the below URL for details:
Pix 7.0 FAQ
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#q7
Configuration Guide
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/vpngrp.htm
I hope it helps.
Regards,
Arul
09-13-2006 11:38 PM
thanks for the info..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: