VPN ==> NAC Appliance How-to (Full Version)

jcashtgusa -> VPN ==> NAC Appliance How-to (9.Oct.2006 11:30:46 AM)

Hi all,

I'm trying to route my incoming VPN clients through a Cisco NAC appliance, to check for anti-virus/updates/etc. To perform this I need to route the VPN client internet traffic through the subnet of the NAC appliance. The ISA server has 3 NICs - internal, external, and a third I called VPN, which is connected to the NAC appliance subnet (192.168.2.0). The VPN clients are successfully receiving DHCP addresses from the 192.168.2.0 subnet, but are still attempting to surf via the 'External' NIC of the ISA server. Is there a method to prevent the use of the default gateway of the ISA server, and instead route the VPN clients out the 'VPN' NIC for internet traffic?




oztrodamus -> RE: VPN ==> NAC Appliance How-to (9.Oct.2006 8:38:48 PM)

I believe what you're referring to is called Split-Tunneling, but why would you want to complicate your configuration? What is the advantage?




tonygauderman -> RE: VPN ==> NAC Appliance How-to (9.Oct.2006 10:01:14 PM)

This isn't split tunneling, it's Policy Based Routing, which at last check, can't be done. I believe if you want NAC on a VPN tunnel you have two choices... with ISA you can write your own script to help perform posture assessment (there are guides for that config, but I can't seem to find a URL tonight) or you can terminate the VPNs to a Cisco VPN device, which can use your Cisco NAC appliance.



