I am looking a secure solution for around 25 users - to remote access into our datacentre.
Obvioudly a secure tunnel is needed (SSL/Ipsec), BUT ALSO, i want a solution to provide 'posture assesment' of sorts.
Now, NAC is very expensive for this small type of smallish network.
I have been looking at the ASA55** feature "Pre-Connection Posture Assessment" with the Cisco Secure Desktop :-
It offers "Host integrity verification checking seeks to detect the presence of antivirus software, personal firewall software, and Windows service packs on the endpoint system prior to granting network access."
I think this is PERFECT !!
Can anyone please tell me how this differs from NAC and would it survice ??
P.S I intend to use the IPS module too, to ensure data passing the ASA will be "scrubed" clean.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...