This is my first post.
I have an IB deployment of NAC - currently there are wireless users going through the CAS - everything there works fine.
I am configuring VPN access on an ASA5520 and have VLAN mapping configured for the VPN groups. I have tried both SSL and IPSec VPN for access and am seeing the same results.
Scenario: When I connect to the tunnel-group, either SSL or with the Cisco IPSec client, I am mapped to the proper VLAN (117). I am running ASA 8.0.3(12). After I'm connected I attempt to browse to an IP address - I am successfully redirected if the CAA is not running. If the Agent is running, it will pop up and ask for credentials. After authenticating with CAS (either with VPN-SSO or using Local DB), I try to ping an IP address, 10.10.10.10 in this case. The reply comes back to my VPN client and then I try to browse to the same IP address and that's where it breaks. I cannot browse to the IP address on 80 or 443.
I did a capture on both interfaces of the CAS, untrusted and trusted - on the trusted side I do not see my https request make it through.
On the role that my user is mapped to, the traffic IS permitted. First I tried only one line of configuration: permit IP any. Then I tried to be more specific - I configured permit TCP any and UDP any. Still doesn't work.
I'm currently working with TAC on this, but any input will be much appreciated.
Thank you in advance!