Cisco Clean Access 3.5

Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 1      Introduction
  • VPN concentrator integration—Integrates with Cisco VPN Concentrators (e.g. VPN 3000, ASA)
    and provides Single Sign-On (SSO).
  • Clean Access compliance policies—Allows you to configure client vulnerability assessment and
    remediation via use of Clean Access Agent or Nessus-based network port scanning.
  • Out-of-Band deployment—Allows clients to traverse the Cisco Clean Access network only for
    vulnerability assessment and remediation while bypassing it after certification.
  • Traffic filtering policies—Role-based policies provide fine-grained control of network traffic.
  • Bandwidth management controls—Limit bandwidth for downloads or uploads.
  • Roaming—Network connections roam seamlessly across Clean Access Server-connected subnets.
  • High availability—Ensure that services continue if unexpected shutdowns occur.

Cisco Clean Access Components
Cisco Clean Access is a network-centric integrated solution administered from the Clean Access 
Manager web console and enforced through the Clean Access Server and (optionally) the Clean Access 
Agent. Cisco Clean Access checks client systems, enforces network requirements, distributes patches 
and antivirus software, and quarantines vulnerable or infected clients for remediation before clients 
access the network. Cisco Clean Access consists of the following components (i
):
  • Clean Access Manager (CAM)—The administration server for Clean Access deployment. The
    secure web console of the Clean Access Manager is the single point of management for up to 20
    Clean Access Servers in a deployment. For Out-of-Band deployment, the web admin console also
    provides Switch Management capability.
Note
The CAM web admin console supports Internet Explorer 6.0 or above only, and with release 
3.5(7) and above, requires high encryption (64-bit or 128-bit). High encryption is also 
required for client browsers for web login and Clean Access Agent authentication.
  • Clean Access Server (CAS)—Gateway server and enforcement engine between the untrusted
    (managed) network and the trusted network. The CAS enforces the policies you have defined in the
    CAM web admin console, including network access privileges, authentication requirements,
    bandwidth restrictions, and Clean Access system requirements. It can be deployed in-band or
    out-of-band.
  • Clean Access Agent (CAA)—Optional read-only agent that resides on Windows clients. The Clean
    Access Agent checks applications, files, services or registry keys to ensure that clients meet your
    specified network and software requirements prior to gaining access to the network.
Note
With Clean Access Agent vulnerability assessment, there is no client firewall restriction. 
The Agent is able to check the client registry, services, and applications even if a personal 
firewall is installed and running. Note that either local admin or power-user privileges are 
necessary to install the Agent; however, these are not needed for running the Agent. 
  • Clean Access Policy Updates—Regular updates of pre-packaged policies/rules that can be used to
    check the up-to-date status of operating systems, antivirus software, and other client software.
    Provides built-in support for over 15 vendors.