SSL VPN products started offering the endpoint security techniques that I just described long before those access control architectures became popular inside corporate LANs. Those architectures turn the corporate LAN inside out by treating every user and every device -- local or remote -- as potentially unknown, potentially infected, and thus potentially dangerous. Companies are used to dealing with remote access users this way -- NAC architectures just apply this philosophy to local users too.
Cisco's NAC architecture can use the Cisco 3000 VPN concentrator as a network access device (NAD) -- an element that sits at the edge of a protected network to permit or deny access and enforce admission decisions. The key component of Microsoft's NAP is not yet released, and Microsoft's architecture does not officially incorporate any specific VPN products. However, many VPN vendors have expressed their intent to support NAP.
This doesn't translate into a lot of NAC- or NAP-capable VPN products today. However, those architectures are still in their early days, and I do expect to see much broader VPN support for NAC and NAP in the future.
This was first published in December 2007