I am evaluating the NAC appliance for my wired and wireless users. I have read that the only way to deply NAC for wireless is in-band mode but it looks like the following link says that it is possible to deply NAC for wireless networks in-band or out-of-band mode:
"NAC Appliance can be deployed for WLANs as an in-band deployment for full-time endpoint scanning or out-of-band within a central site for periodic scanning to confirm posture compliance. The NAC Appliance server performs authentication, posture assessment, and remediation. The server securely controls authenticated and unauthenticated user traffic by managing traffic policies based on protocol/port or subnet, providing bandwidth policy management based on shared, or per-user bandwidth, or using time-based sessions and heartbeat controls. (Figure 1)"
Re: NAC Out-of-Band Deployment for wireless networks
In my case I am planning to deploy a central NAC appliance at the main office to control some branch offices and local wired users at the main office. The NAC appliance will operate in out-of-band mode. But for wireless users at the main office I will need an aditional NAC appliance operating in in-band mode, is this correct?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...