We are in the process of getting our NAC appliance setup moved to a production level. We have everything working up to getting Nessus scanning working. I'm a bit confused by the documentation. It appears as though Nessus scanning only applies to web login users... is this correct? The doc shows activating Nessus vulnerability handling under General Setup -> Web Login. I don't see anywhere how to enable it for an agent environment. I have a setup where our test user is placed into the proper roles, and I have selected a Nessus vulnerability for that role. I never see the scan happen, though. It's as if the agent isn't required to go through vulnerability scanning before being placed into his or her role. Is that correct? Thanks in advance for any help!
You must be very busy. Your fine blog has gone without an update for too long.
To answer your question, Nessus Scanning applies to both web login users and users with the Agent installed.
You would be very interested in the book from the Cisco Press by Jamey Heary on the NAC Appliance. It was published this last August and contains much clearer explanations than the Cisco documentation. Though I would still read everything in the Cisco docs and release notes.
Page 266 in the Heary book is where it begins to explain the process of downloading the plugins from Nessus, renaming them so they can be uploaded into the CAM, and then selecting the User Role to configure scanning on.
Good to hear from you. I have been rather busy and I'm hoping to get some time in the near future to get the blog updated. The CMPC program I wrote has been quite popular with nearly 400 downloads so far.
Back to the issue of Nessus scans. We're looking good, getting scans done now on the agent side. But I'm trying to test by enabling the TFTP server detected plugin. I have it set up as seen in the attachment. When I test against the workstation, it shows that it detected the TFTP server running. But when the user logs in with the agent and is placed in that same role, they are never notified that they are vulnerable. Why is that?
No luck by adding a URL. If I edit the web settings and tell it to block user access if they fail the vulnerability check, the user does fail and a report is generated, but the user only sees a screen stating they were blocked, and under detail it's blank. Not sure. I looked in the book and it provides about as much detail as the docs. It does show a screenshot of the agent showing the user which vulnerability check he or she failed, but I can't get that on my agent.