I am having a slight issue with NAC regarding the notification of the posture result to the client too frequently.
1. I have set up NAC to work for our remote access IPSec VPN connections on a Cisco 3020 VPN Concentrator. This has been working perfectly for the past 3-4 years.
Because of the tight security restrictions that have to be used (the industry I work in), I have to set the 'Status Query' interval timer to 180 seconds, so that it checks the posture every 3 minutes. This works fine and the user only receives posture notification the first time, and then if none of the attributes change there are no further posture notifications. If an attribute changes (e.g. virus pattern file upgrade, Windows patch, etc.) then the user gets notified with their new posture result.
(hope that makes sense - basically it works exactly like it is meant to)
2. We are now de-commissioning the VPN Concentrator and replacing it with a Cisco 5520 ASA. I have configured it and it is working perfectly EXCEPT that every 180 seconds (the Status Query Interval setting) the end user gets notified of their posture result, regardless of whether it is exactly the same as the previous result. So basically the end host gets a NAC Posture Result pop-up every 180 seconds, where this did not happen with the VPN Concentrator.
Any help would be appreciated. If you need more information, please let me know.