Cisco Cisco Clean Access 3.5
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
1-4
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 1 Introduction
Cisco Clean Access Components
Clean Access Server (CAS)
The Clean Access Server (CAS) is the gateway between an untrusted and trusted network. The Clean
Access Server can operate in one of the following modes:
Access Server can operate in one of the following modes:
•
Virtual Gateway (bridge mode)
•
Real-IP Gateway
•
NAT Gateway (IP gateway with Network Address Translation services)
Note
NAT Gateway mode (in-band or out-of-band) is not recommended for production deployment.
•
Out-of-Band Virtual Gateway
•
Out-of-Band Real-IP Gateway
•
Out-of-Band NAT Gateway
When the CAS is in Out-of-Band mode, the CAS operates as a Virtual, Real-IP, or NAT Gateway while
user traffic is in-band for authentication and certification. The mode to use depends on the services
required of the CAS and the needs of your existing network.
user traffic is in-band for authentication and certification. The mode to use depends on the services
required of the CAS and the needs of your existing network.
Note
Out-of-band (Switch Management) licenses are required for OOB deployment.
This guide describes the global configuration and administration of Cisco Clean Access Servers and
Cisco Clean Access deployment using the Clean Access Manager web admin console.
Cisco Clean Access deployment using the Clean Access Manager web admin console.
For details on DHCP configuration, Cisco VPN Concentrator integration, CAS High-Availability
implementation, or the local configuration of a Clean Access Server, see the Cisco Clean Access Server
Installation and Administration Guide.
implementation, or the local configuration of a Clean Access Server, see the Cisco Clean Access Server
Installation and Administration Guide.
For details on out-of-band implementation, see
Clean Access Agent
When enabled for your Cisco Clean Access deployment, the Clean Access Agent can ensure that
computers accessing your network meet the system requirements you specify. The Clean Access Agent
is a read-only, easy-to-use, small-footprint program that resides on Windows user machines. When a user
attempts to access the network, the Clean Access Agent checks the client system for the software you
require, and helps users acquire any missing software.
computers accessing your network meet the system requirements you specify. The Clean Access Agent
is a read-only, easy-to-use, small-footprint program that resides on Windows user machines. When a user
attempts to access the network, the Clean Access Agent checks the client system for the software you
require, and helps users acquire any missing software.
Agent users who fail the system checks you have configured are assigned to the Clean Access Agent
Temporary role. This role gives users limited network access to access the resources needed to comply
with the Clean Access Agent requirements. Once a client system meets the requirements, it is considered
“clean” and allowed network access.
Temporary role. This role gives users limited network access to access the resources needed to comply
with the Clean Access Agent requirements. Once a client system meets the requirements, it is considered
“clean” and allowed network access.