Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN 3030 Concentrator -- Antivirus

Is there a way to configure the 3030 to require a client to have antivirus software?


New Member

Re: VPN 3030 Concentrator -- Antivirus

Err, no there ain't. However, if you use something like iPass ( for your internet connection, that can check for the presence of AV and PFW's before allowing a connection to the Internet and subsequently to the 3030.

New Member

Re: VPN 3030 Concentrator -- Antivirus

Try zone labs integrity server. It looks to AV and it also does policy based gateway enforcement. Have been using it for about 1 monh now. Not bad...

Cisco Employee

Re: VPN 3030 Concentrator -- Antivirus

Yes definately. The VPN client (from 3.6 onwards) also actually has a firewall built into it, which you can leave turned on even if the VPN client isn't running.

Other than that, you can configure the concentrator group to require that the client has anti-virus software running before it will establish a connection. We currently support (as of 4.0) BlackIce, ZoneAlarm, ZA Pro, ZA Integrity, Sygate PFW, Sygate PFW Pro, Sygate Security Agent and Cisco Security Agent.

Check the Client FW tab under the group on the concentrator, the online help has all the info you need to configure it (you don't need to do anything on the client specifically other than have the appopriate firewall SW running).

New Member

Re: VPN 3030 Concentrator -- Antivirus

Thanks for the reply. We currently run Symantec Corporate Edition. Any plans to support Symantec in the future?

New Member

Re: VPN 3030 Concentrator -- Antivirus

I've looked for the option to specify antivirus requirement for vpn users before they connect, but cannot find it. You have a link for this?

thx in advance...POH


Re: VPN 3030 Concentrator -- Antivirus

Cisco is releasing NAC soon. (network access control) NAC will have a client app called the Trust Agent. The next hop router inside the network can make sure the end client conforms to specifications (app versions, anti-virus client, etc) before routing the traffic from that client by communicating with the Trust Agent.

I'm sure they'll probably update the VPN concentrator to interact direclty with the Trust Agent as well as it makes obvious sense to do so.

CreatePlease to create content