We have a partially managed IT company at the school i work at. They have put in a place a VPN which goes through the county councils network.

Im not too sure what kind of security has been put in place, ideally i was thinking NAP should be used to decline connections to any clients who dont have up to date anti virus and windows updates etc but this doesnt appear to be in place. Before i email them asking what is in place and what we would like could someone please advise what should be in place in your opinion or what youer school has in place.

Id just like to have some clear ideas for when i speak to them about it to be able to know what it is we want.

I dont know too much about it but its running off server 2003 and is cisco software client we are using. And i recall something by the name of Cisco ASA being involved but no idea about that just repeating what i think i heard when it was being setup.