5.2. So ... NAC to Get In

You find few differences between what a particular SSL VPN can do and what a particular NAC solution does. So, why does the industry make a distinction between the two types of products? Can you use an SSL VPN interchangeably with a NAC solution?

To muddy up the topic a little more, some NAC implementations include a remote access VPN component, or they might tie in closely with a similar technology from that same vendor. In these cases, you can achieve some level of coordination between SSL VPN and NAC by using the solutions together. (You might also save on costs by consolidating remote access control with local access control.)

When using both SSL VPN and NAC together, use consistent sets of policies for both remote access and local access. For example, don't force a user to use strong authentication and pass endpoint integrity scans on the local LAN if he or she can log in remotely via SSL VPN by using a static user name and password without endpoint integrity scans.
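The consistency rule above can be checked mechanically. The following is an added example, not code from the book or from any vendor's product: it compares per-role policies for the local (NAC) path and the remote (SSL VPN) path and reports where one path is weaker than the other. The policy fields, role names, and the authentication strength ranking are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ranking for illustration: a higher number means stronger authentication.
AUTH_STRENGTH = {"static_password": 1, "two_factor": 2}

@dataclass(frozen=True)
class AccessPolicy:
    auth_method: str                       # key into AUTH_STRENGTH
    posture_checks: frozenset = frozenset()  # endpoint integrity scans required

def weaker_than(a, b):
    """Return the reasons policy `a` is weaker than policy `b` (empty if none)."""
    reasons = []
    if AUTH_STRENGTH[a.auth_method] < AUTH_STRENGTH[b.auth_method]:
        reasons.append(f"auth {a.auth_method} < {b.auth_method}")
    missing = b.posture_checks - a.posture_checks
    if missing:
        reasons.append("missing endpoint checks: " + ", ".join(sorted(missing)))
    return reasons

def parity_report(local, remote):
    """Compare per-role policies for the LAN (NAC) and SSL VPN access paths."""
    findings = {}
    for role in sorted(set(local) | set(remote)):
        if role not in local or role not in remote:
            findings[role] = ["role defined on only one access path"]
            continue
        issues = [f"remote: {r}" for r in weaker_than(remote[role], local[role])]
        issues += [f"local: {r}" for r in weaker_than(local[role], remote[role])]
        if issues:
            findings[role] = issues
    return findings

# Constructed sample policies (hypothetical roles and check names).
LOCAL_NAC = {
    "employee": AccessPolicy("two_factor", frozenset({"antivirus", "patch_level"})),
    "contractor": AccessPolicy("two_factor", frozenset({"antivirus"})),
}
REMOTE_SSL_VPN = {
    "employee": AccessPolicy("static_password"),  # the inconsistent case from the text
    "contractor": AccessPolicy("two_factor", frozenset({"antivirus"})),
}

if __name__ == "__main__":
    for role, issues in parity_report(LOCAL_NAC, REMOTE_SSL_VPN).items():
        print(role, issues)
```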

When evaluating an SSL VPN device for local access control (NAC), the biggest issue is scalability:

  • In the remote access world, an inline appliance, such as an SSL VPN, is ideal for terminating the user traffic:

    • All the remote users come into the network from the same location (the corporate Internet connection).

    • The total amount of bandwidth is limited by the size of that connection.
