How do VPNs fit within enterprise network access control architectures like NAC and NAP?

SSL VPN products started offering the endpoint security techniques that I just described long before those access control architectures became popular inside corporate LANs. Those architectures turn the corporate LAN inside out by treating every user and every device -- local or remote -- as potentially unknown, potentially infected, and thus potentially dangerous. Companies are used to dealing with remote access users this way -- NAC architectures just apply this philosophy to local users too.

Cisco's NAC architecture can use the Cisco 3000 VPN concentrator as a network access device (NAD), an element that sits at the edge of a protected network to permit or deny access and enforce admission decisions. The key component of Microsoft's NAP is not yet released, and Microsoft's architecture does not officially incorporate any specific VPN products. However, many VPN vendors have expressed their intent to support NAP.

This doesn't translate into a lot of NAC- or NAP-capable VPN products today. However, those architectures are still in their early days, and I do expect to see much broader VPN support for NAC and NAP in the future.

This was first published in December 2007
