Cisco Cisco NAC Appliance 4.1.0
10-2
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 10 Clean Access Implementation Overview
Clean Access Overview
•
Network Scanner—This method provides network-based vulnerability assessment and web-based
remediation. The network scanner in the local Clean Access Server performs the actual network
scanning and checks for well-known port vulnerabilities to which a particular host may be prone. If
vulnerabilities are found, web pages configured in the Clean Access Manager can be pushed to users
to distribute links to websites or information on how users can fix their systems.
remediation. The network scanner in the local Clean Access Server performs the actual network
scanning and checks for well-known port vulnerabilities to which a particular host may be prone. If
vulnerabilities are found, web pages configured in the Clean Access Manager can be pushed to users
to distribute links to websites or information on how users can fix their systems.
Clean Access can be implemented on your network as:
•
Clean Access Agent only
•
Network scanning only
•
Clean Access Agent with network scanning
Clean Access Agent Download
illustrates the general user sequence for the initial download and install of the Clean Access
Agent, if the administrator has required use of the Clean Access Agent for the user’s role and OS.
Figure 10-1
Downloading Clean Access Agent
The Clean Access Agent software is always included as part of the Clean Access Manager software.
When the CAM is installed, the Clean Access Agent Setup Installation file and Patch Upgrade file are
already present and automatically published from the CAM to the CASes. To distribute the Agent to
clients, you simply require the use of the Clean Access Agent in the CAM web console for the desired
user role/operating system. Once downloaded and installed, the Agent performs checks on the client
according the Clean Access Agent requirements you have configured in the CAM.
When the CAM is installed, the Clean Access Agent Setup Installation file and Patch Upgrade file are
already present and automatically published from the CAM to the CASes. To distribute the Agent to
clients, you simply require the use of the Clean Access Agent in the CAM web console for the desired
user role/operating system. Once downloaded and installed, the Agent performs checks on the client
according the Clean Access Agent requirements you have configured in the CAM.
First-time users can download and install the Clean Access Agent by opening a web browser to log into
the network. If the user’s login credentials associate the user to a role that requires the Agent, the user
will be redirected to the Clean Access Agent download page. After the Clean Access Agent is
downloaded and installed, the user is immediately prompted to log into the network using the Agent
dialogs, and is scanned for Agent requirements and Nessus plugin vulnerabilities (if enabled). After
successfully meeting the requirements configured for the user’s role and operating system and passing
scanning (if enabled), the user is allowed access to the network.
the network. If the user’s login credentials associate the user to a role that requires the Agent, the user
will be redirected to the Clean Access Agent download page. After the Clean Access Agent is
downloaded and installed, the user is immediately prompted to log into the network using the Agent
dialogs, and is scanned for Agent requirements and Nessus plugin vulnerabilities (if enabled). After
successfully meeting the requirements configured for the user’s role and operating system and passing
scanning (if enabled), the user is allowed access to the network.
You can distribute Agent Patch Upgrades to clients by configuring auto-upgrade options in the web
console. Agent Upgrade Patches are retrieved on the CAM via
console. Agent Upgrade Patches are retrieved on the CAM via
See
for additional details.