Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

2164 pages
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Network Admission Control
Configuring a NAC Policy

Detailed Steps

Step 1
Command: nac-policy-nac-framework
Purpose: Switches to nac-policy-nac-framework configuration mode.

Step 2
Command: sq-period seconds
Example:
hostname(config-group-policy)# sq-period 1800
hostname(config-group-policy)
Purpose: Changes the status query interval. seconds must be in the range 30 to 1800 seconds (5 to 30 minutes). The example changes the query timer to 1800 seconds.

Step 3 (Optional)
Command: [no] sq-period seconds
Purpose: Turns off the status query timer.

Step 4
Command: show running-config nac-policy
Purpose: Displays a 0 next to the sq-period attribute, meaning the timer is turned off.

Setting the Revalidation Timer

After each successful posture validation, the ASA starts a revalidation timer. The expiration of this timer triggers the next unconditional posture validation. The ASA maintains the current access policy during revalidation.

By default, the interval between each successful posture validation is 36000 seconds (10 hours). To change it, enter the following command in nac-policy-nac-framework configuration mode:

Detailed Steps

Step 1
Command: nac-policy-nac-framework
Purpose: Switches to nac-policy-nac-framework configuration mode.

Step 2
Command: reval-period seconds
Example:
hostname(config-nac-policy-nac-framework)# reval-period 86400
hostname(config-nac-policy-nac-framework)
Purpose: Changes the interval between each successful posture validation. seconds must be in the range 300 to 86400 seconds (5 minutes to 24 hours).

Step 3 (Optional)
Command: [no] reval-period seconds
Purpose: Turns off the status query timer.

Step 4
Command: show running-config nac-policy
Purpose: Displays a 0 next to the sq-period attribute, which means the timer is turned off.

Configuring the Default ACL for NAC

Each group policy points to a default ACL to be applied to hosts that match the policy and are eligible for NAC. The ASA applies the NAC default ACL before posture validation. Following posture validation, the ASA replaces the default ACL with the one obtained from the Access Control Server for the remote host. The ASA retains the default ACL if posture validation fails.

The ASA also applies the NAC default ACL if clientless authentication is enabled (which is the default setting).
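
A check for the sq-period and reval-period timers described on this page, as an added example that is not from the Cisco guide: it reads saved or templated `show running-config nac-policy` text and reports timers that are turned off, outside the ranges stated here, or left at the revalidation default. The sample configuration, the policy names and the `nac-policy <name> nac-framework` block layout are constructed assumptions, as is treating a 0 next to reval-period the same way as a 0 next to sq-period.

```python
import re

# Ranges and default as stated on this manual page.
LIMITS = {"sq-period": (30, 1800), "reval-period": (300, 86400)}
REVAL_DEFAULT = 36000

# Constructed sample of `show running-config nac-policy` output; the
# "nac-policy <name> nac-framework" block layout is an assumption.
SAMPLE = """\
nac-policy nac-branch nac-framework
 reval-period 86400
 sq-period 0
nac-policy nac-hq nac-framework
 reval-period 120
 sq-period 600
nac-policy nac-lab nac-framework
 sq-period 300
"""

def audit_nac_timers(config_text):
    """Return sorted (policy, attribute, finding) tuples for NAC timers."""
    policies, current = {}, None
    for line in config_text.splitlines():
        head = re.match(r"nac-policy (\S+) nac-framework\s*$", line)
        if head:
            current = policies.setdefault(head.group(1), {})
            continue
        attr = re.match(r"\s+(sq-period|reval-period) (\d+)\s*$", line)
        if attr and current is not None:
            current[attr.group(1)] = int(attr.group(2))
        elif not line.startswith(" "):
            current = None  # left the nac-policy block
    findings = []
    for name, timers in policies.items():
        for attr, (low, high) in LIMITS.items():
            value = timers.get(attr)
            if value is None:
                if attr == "reval-period":
                    findings.append((name, attr, f"not set, default {REVAL_DEFAULT}"))
            elif value == 0:
                findings.append((name, attr, "timer turned off"))
            elif not low <= value <= high:
                findings.append((name, attr, f"{value} outside {low}-{high}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_nac_timers(SAMPLE):
        print(*finding, sep=": ")
```

A policy whose timer is turned off keeps whatever access policy the last posture validation produced, so those findings are the ones to review first.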
