So usually in this environment, when the VPN terminates, the traffic will
follow the routing table to get to the inside, which usually bypasses
the NAS. In order to get VPN traffic routing through the DMZ to get to
the inside (basically ignoring the standard routing table) you can use
the "tunneled" option at the end of the static routes in the ASA. Here
is a link explaining the VPN gateway option:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6659/prod_white_paper0900aecd805f0bd6.html

Jim

 

Jim Thomas

Area Networks, Inc.

CCIE Security #16674

CCSP,CCNP,CCDP

[email protected]

Office: 650-242-8050

Cell: 916-342-2265
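For readers of the thread, here is what the "tunneled" static route described above looks like in ASA configuration. This is an added example, not configuration posted by Jim or anyone on the list, and every interface name and address in it is an assumption constructed for illustration: "outside" faces the Internet, "dmz" is where the CAS untrusted interface sits, and the addresses come from documentation ranges.

```cisco
! Added example (not from the thread). Interface names and addresses are
! assumptions: 'outside' faces the Internet, 'dmz' holds the CAS untrusted
! interface at 192.0.2.2. All sample addresses are constructed.

! Standard default route: ordinary traffic leaving the ASA uses this.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! Tunneled default route: traffic that has just been decrypted from a VPN
! tunnel is handed to the CAS untrusted interface in the DMZ instead of
! following the standard default route. The 'tunneled' keyword is only
! accepted on a default (0.0.0.0 0.0.0.0) route, and only one tunneled
! default route can exist.
route dmz 0.0.0.0 0.0.0.0 192.0.2.2 1 tunneled

! Return path (not ASA config, but required for the design to work): the
! CAS forwards posture-checked traffic out its trusted interface into the
! internal network, so internal routers need a route for the VPN address
! pool (assumed 10.200.0.0/24 here) pointing back at the CAS trusted
! interface rather than straight at the ASA inside interface. Otherwise
! return traffic skips the CAS and the flow is asymmetric.
```

One check worth doing before relying on this: Cisco documents the tunneled default route as overriding other default routes for decrypted tunnel traffic, not more specific routes. If the internal network is directly connected to the ASA inside interface, or has its own static or learned route, decrypted VPN traffic to those prefixes may still follow that more specific route and bypass the CAS. Confirm with `show route` on the ASA, and test with a single remote client that its traffic actually appears on the CAS untrusted interface before rolling the design out.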

From: Cisco Clean Access Users and Administrators
[mailto:[email protected]] On Behalf Of Lane Clark
Sent: Wednesday, February 25, 2009 9:16 AM
To: [email protected]
Subject: Re: Remote users and NAC

The ASA is providing both.

On Wed, Feb 25, 2009 at 9:51 AM, Jim Thomas <[email protected]> wrote:

Is the ASA providing firewall services to the internal network as well
or just VPN services to these remote users?

Thanks

Jim

Jim Thomas

Area Networks, Inc.

CCIE Security #16674

CCSP,CCNP,CCDP

[email protected]

Office: 650-242-8050

Cell: 916-342-2265

From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Lane Clark
Sent: Wednesday, February 25, 2009 8:32 AM
To: [email protected]
Subject: Remote users and NAC

I am trying to deploy NAC for my VPN users. I am trying to land the VPN
users in a DMZ off of my ASA and then run them through an inline NAC
appliance. Has anybody done this successfully? How are all of you
deploying NAC for remote users? Any help would be appreciated; we are
pretty frustrated at this point. This shows what we are trying to
accomplish.

Remote Users --- ASA --- DMZ --- Untrusted Interface --- CAS --- Trusted Interface --- Internal Network


Thanks for any help.

Lane
