Hi.... I am new to NAC. We have Cisco NAC 3310 CAM and CAS appliances running 4.1.8 which we are currently testing in conjunction with an ASA 5550 for remote vpn users.

We are nearly ready to roll out a NAC protected VPN service....but before I commit this as a production service, I would like to have everything up to date with the latest OS, software, NAC agents etc.....so while I can do so without inconveniencing users, I was considering upgrading to 4.7....we just got the ISO from our vendor. However, upon reading the release notes I am a bit reluctant to proceed.

The first thing which worries me is the "Known Issue for VPN SSO Following Upgrade to Release 4.5 and Later":

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/47/47rn.html#wp711526

I am not even sure if this applies to me. Our deployment is/will be a L3 in-band deployment which looks a bit like:

Internet <--> ASA5550 FW/VPN <--> VPN User's Subnet <--> CAS <--> Private LAN

Currently, I do have VPN SSO working, and I certainly don't want to lose this. However, the above URL suggests that this known issue affects L2 deployments.....am I reading this incorrectly?

I have also seen mention of certificate issues. I have not put any valid certificates on our devices yet.....while testing, I have only been using the temporary perfigo certificate up to now. I had planned on waiting until I had everything as up to date as possible before importing a third party cert....

Also, I have noticed that the licensing system in 4.7 uses FlexLM.....do I need to get new license codes?

Finally, I have seen mention via this mailing list that 4.7.1 will be released shortly, and will support Windows 7 and OSX Snow Leopard. Would it be better to wait for this instead? Might this release fix the "Known Issue for VPN SSO...." above?

Apologies if my questions seem a little disorganised.....I am not entirely sure what questions I should be asking....

I would be most grateful for any help, suggestions, hints/tips or clarifications on these issues....

Thanx muchly in advance.

Chris Bradshaw.
