NAC and Trusted connection feature(McAfee VirusScan)

stan_bianou · ‎01-23-2006

Hi,

I'm trying to implement truted connection feature for my NAC project. I use VirusScan Entreprise v 7.1. And it is required to download Common Management Agent v 3.5.

I have two question :

1. I would like to know if somebody knows how to get that agent.

2. Can somebody who has already implemented Trusted connection(compliance validation for antivirus, automatic remediation of non compliant host)tell me anything that can help for that implementation.

Thanks.

Stan.

b.hsu · ‎01-27-2006

Starting with release 3.5(3)+ of the CAM/CAS/Agent, the Agent will:

1. Check the client network for the Clean Access Server (same as previous versions), and if not found,

2. Send IP traffic to the Clean Access Manager (new behavior for 3.5.3+) if the Agent has the runtime IP address information of the CAM.

In order for clients to discover the CAS when they are one or more L3 hops away, clients must initially download the 3.5.3+ Agent from the CAS (via download web page or auto-upgrade). Either method allows the Agent to acquire the IP address of the CAM in order to send traffic to the CAM/CAS over the L3 network. Once installed in this way, the Agent can be used for both L3/VPN concentrator deployments or regular L2 deployments.

Acquiring and installing the 3.5.3+ Agent on the client by means other than direct download from the CAS (e.g. from Cisco Downloads) will not provide the necessary CAM information to the Agent and will not allow those Agent installations to operate in a multi-hop Layer 3 deployment.

For 3.5(5) or above CAM/CAS, you must check the option for "Enable L3 Support for Clean Access Agent" and perform an Update and Reboot under Device Management > CCA Servers > Manage [IP address] > Network > IP.

stan_bianou · ‎01-31-2006

Thanks for that reply, but it doesn't really fit with my case, because I'm not using clean access.