By deploying an SSL VPN proxy on the LAN in front of critical applications, you can now run a health check on every device that accesses the applications and provide an additional level of policy-based access. The traffic between the proxy and the end point will also be encrypted, which may be a plus if your users work with sensitive information.
The key drawback here is scalability. Because the SSL VPN is a proxy it may have a hard time scaling to support a large numbers of users and/or a high volume of transactions. This solution may also require a significant effort to ???Webify??? the applications you want to protect.
As you can see, neither of these options are perfect. However, both may serve as NAC starter kits, allowing you to run trials and track end point compliance to corporate policies without breaking the bank or requiring major overhauls to your existing architecture. If you???re sounding out a NAC architecture, these two ideas are worth hearing.