How do VPNs fit within enterprise network access control architectures like NAC and NAP?

NAC and NAP security architectures offer endpoint security solutions similar to those of SSL VPNs. They differ from SSL VPNs in that they treat internal users as possible threats.

SSL VPN products started offering the endpoint security techniques that I just described long before those access control architectures became popular inside corporate LANs. Those architectures turn the corporate LAN inside out by treating every user and every device -- local or remote -- as potentially unknown, potentially infected, and thus potentially dangerous. Companies are used to dealing with remote access users this way -- NAC architectures just apply this philosophy to local users too.

Cisco's NAC architecture can use the Cisco 3000 VPN concentrator as a network access device (NAD), an element that sits at the edge of a protected network to permit or deny access and enforce admission decisions. The key component of Microsoft's NAP is not yet released, and Microsoft's architecture does not officially incorporate any specific VPN products. However, many VPN vendors have expressed their intent to support NAP.

This doesn't translate into a lot of NAC- or NAP-capable VPN products today. However, those architectures are still in their early days, and I do expect to see much broader VPN support for NAC and NAP in the future.

This was first published in December 2007
