jcashtgusa -> VPN ==> NAC Appliance How-to (9.Oct.2006 11:30:46 AM)

Hi all,

I'm trying to route my incoming VPN clients through a Cisco NAC appliance, to check for anti-virus/updates/etc. To perform this I need to route the VPN client internet traffic through the subnet of the NAC appliance. The ISA server has 3 NICs - internal, external, and a third I called VPN, which is connected to the NAC appliance subnet ( The VPN clients are successfully receiving DHCP addresses from the subnet, but are still attempting to surf via the 'External' NIC of the ISA server. Is there a method to prevent the use of the default gateway of the ISA server, and instead route the VPN clients out the 'VPN' NIC for internet traffic?

oztrodamus -> RE: VPN ==> NAC Appliance How-to (9.Oct.2006 8:38:48 PM)

I believe what you're referring to is called Split-Tunneling, but why would you want to complicate your configuration? What is the advantage?

tonygauderman -> RE: VPN ==> NAC Appliance How-to (9.Oct.2006 10:01:14 PM)

This isn't split tunneling, it's Policy Based Routing, which, at last check, can't be done. I believe if you want NAC on a VPN tunnel you have two choices: with ISA you can write your own script to help perform posture assessment (there are guides for that config, but I can't seem to find a URL tonight), or you can terminate the VPNs to a Cisco VPN device, which can use your Cisco NAC appliance.

