NAC In-Band Deployment for Wireless and VPN

Hi,

I am trying to configure In-Band VG for Wireless and VPN users. I have already configured the NAC for wireless users. My switch configuration for Wireless is as follows:

interface GigabitEthernet6/25
 description NAC Server (IB - WLAN) - Trusted Intf ETH0
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 997
 switchport trunk allowed vlan 100,200,400,692
 switchport mode trunk
!
interface GigabitEthernet6/26
 description NAC Server (IB - WLAN) - UnTrusted Intf ETH1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 996
 switchport trunk allowed vlan 616-618
 switchport mode trunk
!
interface Vlan692
 description NAC SRV (IB) Management VLAN
 ip address 10.1.6.25 255.255.255.248

My question is: what do I need to create on the switch for VPN users? I appreciate your expert help.

Thanks

9 REPLIES

Re: NAC In-Band Deployment for Wireless and VPN

You will implement VPN as you would without CAS. The important element is that the private side of the VPN is the untrusted side of the CAS.

Review these documents:

Integrating with Cisco VPN Concentrators

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/45/cas/s_vpncon.html

CCA Chalk Talks

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_presentation0900aecd80549168.html
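A sanity check for the trunks in the question and for the reply's point that the VPN private side belongs on the untrusted side of the CAS: a VLAN present on both trunks would let traffic reach the trusted side without crossing the CAS. This is an added example, not part of the thread or any Cisco tool; the `audit` helper and the candidate VPN VLAN numbers passed to it are assumptions.

```python
import re

# The two CAS trunk stanzas from the question, trimmed to the VLAN-relevant lines.
CONFIG = """\
interface GigabitEthernet6/25
 description NAC Server (IB - WLAN) - Trusted Intf ETH0
 switchport trunk native vlan 997
 switchport trunk allowed vlan 100,200,400,692
interface GigabitEthernet6/26
 description NAC Server (IB - WLAN) - UnTrusted Intf ETH1
 switchport trunk native vlan 996
 switchport trunk allowed vlan 616-618
"""

def expand(spec):
    """Expand an IOS VLAN list such as '100,616-618' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Map 'trusted'/'untrusted' (taken from each description) to its VLAN set."""
    trunks, side = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            side = None  # new stanza; side is set by the description that follows
        elif line.startswith("description ") and "trusted" in line.lower():
            side = "untrusted" if "untrusted" in line.lower() else "trusted"
            trunks[side] = set()
        elif side and (m := re.match(r"switchport trunk native vlan (\d+)$", line)):
            trunks[side].add(int(m.group(1)))
        elif side and (m := re.match(r"switchport trunk allowed vlan ([\d,\- ]+)$", line)):
            trunks[side] |= expand(m.group(1))
    return trunks

def audit(config, vpn_private_vlan=None):
    """Return findings; vpn_private_vlan is a hypothetical VLAN for the VPN private side."""
    trunks = parse_trunks(config)
    findings = []
    shared = trunks["trusted"] & trunks["untrusted"]
    if shared:
        findings.append(f"VLANs on both sides of the CAS: {sorted(shared)}")
    if vpn_private_vlan in trunks["trusted"]:
        findings.append(f"VPN private VLAN {vpn_private_vlan} is on the trusted trunk")
    elif vpn_private_vlan is not None and vpn_private_vlan not in trunks["untrusted"]:
        findings.append(f"VPN private VLAN {vpn_private_vlan} not allowed on the untrusted trunk")
    return findings
```

The parser expects the `description` line to precede the `switchport` lines in each stanza, as it does in the configuration posted above.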

Re: NAC In-Band Deployment for Wireless and VPN

Can you deploy NAC in in-band mode for wireless using a WLC? If so, which paper do you recommend for doing

Re: NAC In-Band Deployment for Wireless and VPN

Another question: can Wireless OOB NAC be integrated in a scheme with Single Sign On (RADIUS server)? Some documents say it can (using an option similar to that used with VPNs), but others say no. If it is possible, what documentation can you provide me? Thanks.

Re: NAC In-Band Deployment for Wireless and VPN

One last question: in a LAN environment using NAC OOB Virtual Gateway mode, is Single Sign On supported?

Re: NAC In-Band Deployment for Wireless and VPN

Juan,

Yes, that is supported.

HTH,

Faisal

Re: NAC In-Band Deployment for Wireless and VPN

That is the answer to which of my questions? I am not sure which, because I asked you 3 questions. Could you be a bit more specific?

Re: NAC In-Band Deployment for Wireless and VPN

Juan,

Sorry. Should have been more specific. I was answering the query you had: "One last question: in a LAN environment using NAC OOB Virtual Gateway mode, is Single Sign On supported?"

Yes, that is supported.

HTH,

Faisal

Re: NAC In-Band Deployment for Wireless and VPN

I had a doubt about the implementation of NAC, because I want to implement NAC OOB on a wired network using Cisco switches and a wireless network in a single WLC using CAS. Is it possible and advisable to do this implementation? If so, is there some guidance?

Re: NAC In-Band Deployment for Wireless and VPN

Hi Faisal, I had another question: in a NAC VPN implementation in in-band VG or Real-IP Gateway mode, is it possible to place an L2 switch between the Cisco ASA and the CAS?

I hope for your help, thanks.
