Hi Michael, I went with 4.1.6 because that's the only one I could download off of Cisco's site, but I will look again. Are there newer versions?
Thanks again for answering. I appreciate it very much, Pete From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Stanclift, Michael Sent: Wednesday, August 12, 2009 12:21 PM To: [email protected] Subject: Re: NAC Noob Why go with 4.1.6? Michael Stanclift Network Analyst Rockhurst University http://help.rockhurst.edu<http://help.rockhurst.edu/> (816) 501-4231 PThink before you print! From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Pete Boynton Sent: Wednesday, August 12, 2009 9:20 AM To: [email protected] Subject: NAC Noob Hello to All, We are getting ready to deploy two 3310s for virtual call center users. The users are home based Customer Service Reps who VPN into us and are allowed access to the network. Currently we have written agreements with Reps that they have Windows Update enabled and use an AntiVirus product. Obviously we can't enforce that written agreement, but with the 3310s, I hope that will change. There are about 180 Reps who could be connected at any time. We don't want the NACs to get too much in the way of letting users get their work done, yet at the same time some kind of standardized install for desktop PCs needs to be established. We'd like this hardware to take us at least five years into the future if possible. We are running 4.1.6 and the NAC Agent is the latest one. We have decided that having redundancy for the CAS is important since a failure of one would stop people from working (coming in over VPN forces us to use In-Band). We will not double up on the CAM since if it fails the CAS can be configured to fail open. The reason I am writing is to get ideas on how you might deploy your policies or topology if you had to do it all over again. What lessons did you learn and mistakes did you make that might help us do a better deployment. Does anything I say here make you think I am going in the wrong direction? I appreciate any comments and/or ideas very much. Thank You, Pete
