Kaspersky Administration Kit 8.0

 
 
 

How to configure Cisco NAC to work with Kaspersky Administration Kit 8.0

Back to "Server Maintenance"
2012 Jan 23 ID: 2750
 
 
 
 

Applies to Kaspersky Administration Kit 8.0

Before you begin integrating Kaspersky Administration Kit with Cisco NAC, please make sure that there is Cisco technology already implemented in the network. To do it, check if the following conditions are met:

  • All client PCs connect to the network via Network Access Device.
  • Cisco Trust Agent application is installed on all client PCs.
  • There is a computer in the network with installed Access Control Server.
  • Access Control Server and Network Access Device are configured to know about each other.

 

Meeting all these conditions means that NAC is functioning already allowing to control network access for client computers. In order to integrate Kaspersky Administration Kit into this structure, follow theses steps:

  1. Implement the Kaspersky Administration Kit complex in the network as follows:
    1. Install an Administration server. Do not forget to select in the list of components Kaspersky Lab Cisco NAC Posture Validation Server to install.




      InformationAn Administration server with this component can be installed before implementing Cisco NAC in the corporate network.
    2. Install Network agent on all client PCs. Posture Plugin will be installed along with Network agent for connecting Network agent with Cisco Trust Agent already installed on the client PC.
  2. Configure Posture Validation Server rules to get a verdict about client computer protection status. The rules are configured in Administration server properties tab Cisco NAC.

  3. Configure Access Control Server:
    1. Upload a Kaspersky Lab company ADF file (ADF - Attribute Definition File) into Access Control Server.

    2. Add a Kaspersky Lab Posture Validation Server link to the external Posture Validation Server list and specify to give Kaspersky Lab Credential Types to it.


      A link is an URL and port (18000 by default) of the computer with installed Administration server - http://<SERVERNAME/IP:port>.


      WarningTesting revealed an error in Access Control Server preventing to correctly configure applications. To avoid it, add a random parameter to the Posture Validation Server URL. Like this, for example:
      http://<SERVERNAME/IP:port>/1111.

    3. Configure Posture validation for client computers using Kaspersky Lab Posture Validation Server.
 
 
 
 
Did the provided info help you?
Yes No