customer has two version of McAfee antivirus. What I need is - user get the same role when login to PC with version X or PC with version Y. Is it possible to create AV install rule with OR logic? Something like if on PC is installed version X OR version Y pass check and give user Role USER.
1] What are the different category checks that NAC can implement? (for example, anti-virus, operating system, registry check, â¦)
Faisal: All of the above. It would take a good sized chapter to detail all you're asking for above in Q1, so I would therefore suggest a book for you to pick up and read. The title is "Cisco NAC Appliance: Enforcing Host Security with Clean Access (Paperback)" ISBN for this book is 1587053063.
Also see the Video-On-Demand which explains all the requirement/rules etc. VODs are located here: http://tinyurl.com/d74t9u and you're looking for VOD 5
2] Service/Warranty: how much is it to renew the software licenses after the warranty expires?
Also, how much is it for the Yearly Subscription/maintenance of Licenses?
Suppose if we didn't renew the service, will our NAC work without updates?
Faisal: Your account team is the best resource for this. I don't know the pricing. NAC will continue to work without renewal of service - you just won't get support for it.
3] Can we enforce updates using a PC placed in quarantine/inside/trusted area instead of using the internet (remediation server)?
Faisal: Yes, you can have your internal remediation servers you can point your clients to.
4] Application check of end point: does it check for Evaluation, trail, licensed, or un-licensed version of any application (for example, anti virus, OS, â¦)?
Faisal: Yes to all. The rule/requirement capabilities of CCA are very flexible and you can get quite creative
5] Let's say we configured the appliance to be VPN, thereafter is it possible to change it to wireless? If yes, how difficult it is?
Faisal: Same CAS can work for both wireless and VPN. How difficult? Depends on your network. Your account team again would be the best resource to get you a design
6] After implementing the NAC VPN solution in a single-sign-on, how much time delay will it add to authenticating a remote user? In other words, will there be a considerable delay?
Faisal: Delay for authentication is minimal (two seconds to five seconds) If you client however needs rememdiation, that delay is separate.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...