I have seen a half dozen articles/white papers on these topics. But have not seen a good reference on implementation, hardware required etc.
I am looking to implement a enterprise wide security solution. NAC, IBNS and CTA all seem to be geared to provide that solution but I cannot find any detailed references on them. I need more info than just the managerial sales pitch info.
I digress. I found some addtional info on implementation so that topic is moot. Other questions come to light. Does the NAC tool set allow for authentication with Active Directory? Also is there better roll out date than Mid 2004?
To be honest, there probably are not a whole lot of people that monitor this forum and are aware of the ins and outs of NAC. The reasons for this is because most of us have not seen it live and in color yet. Neither the IOS code nor the anti-virus code (that I am aware of) is available yet. Might be best to talk to your local Cisco account team concerning this.
Now, with this said, I will give you my answers to your questions based on what I know.
Q - Does NAC tool set allow for authentication with AD?
A - Yes, eventually...phase II includes integration with current 802.1x technology which allows you to use AD as an external backend db. Phase I which is due out sometime around January (12.3T release) is L3 only and does not have any user authentication included.
Q - Better rollou date?
A - At this time, no. Phase I is set for the 1st half of 2004 and phase II is set for the second half of 2004. Based on past schedules, this probably means June and December ;)
Hope this helps some. Feel free to ask some follow up questions if needed.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...