Cisco Support Community

New Member

NAC-L3-IP for LAN (not VPN) on an ASA550, similar to IOS firewall?

Hi

So I've got NAC-L3-IP working on my Cisco 1800 IOS firewall/router through the use of:

aaa authentication eou default group radius
ip admission name secureLAN eapoudp inactivity-time 60 list 102
interface FastEthernet1.50
 encapsulation dot1Q 50
 ip address 10.1.10.1 255.255.255.0
 ip access-group inside in
 ip helper-address 192.168.199.100
 ip inspect default in
 ip admission secureLAN

And I'm trying to get the same working on an ASA5520 running 7.2(3).

So, I've found out how to configure NAC on the ASA5500 for remote access VPN connections, but not LAN connections. Is this not possible on the ASA5500 like on an IOS firewall? Thanks

Jason

2 REPLIES
Bronze

Re: NAC-L3-IP for LAN (not VPN) on an ASA550, similar to IOS fir

Network Admission Control (NAC) protects the enterprise network from intrusion and infection from worms, viruses, and rogue applications by performing endpoint compliancy and vulnerability checks as a condition for production access to the network.

Refer to the following URL for more info on configuring NAC with ASA 7.2:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnnac.html

New Member

Re: NAC-L3-IP for LAN (not VPN) on an ASA550, similar to IOS fir

Hi

That link you provided details configuring NAC on remote access VPN connections, which I've got working no problem... What I'd like to do is have NAC applied to outbound LAN connections, like what is possible with a router.

Is this not possible? Thanks.

Jason
