CAS as both VPN-SSO and WIndows-SSO auth provider

Unanswered Question
Oct 23rd, 2008

Can you enable both the VPN-SSO auth method and Windows-SSO auth method on the same CAS? We have a CAS sitting behing our VPN, primarly used for RA VPN using AnyConnect. This works great. We also have 3 L2L tunnels we would like to move to this VPN, so that our users in those branches would run through NAC appliance. For that we would need the Windows-SSO enable. Could this CAS do both simultaneously? Or is it one or the other? I do not see which method the CAS would choose for the different request, so I am guessing its one or the other. Please let me know - i do appreciate your time and help on this.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hadbou Thu, 10/30/2008 - 12:21

Cisco NAC Appliance supports Single Sign-On (SSO) for the following:

a)Cisco VPN Concentrators

b)Cisco ASA 5500 Series Adaptive Security Appliances

c)Cisco Airespace Wireless LAN Controllers

d)Cisco SSL VPN Client (Full Tunnel)

e)Cisco VPN Client (IPSec)

Refer to the section "User Management: Configuring Auth Servers->Adding an Authentication Provider->Cisco VPN SSO" in the following URL for more information about vpn SSO:

It depends who you ask!!!. I ran into a problem last week on a similar setup and worked with Cisco TAC to resolve the issue. We were not able to get the ADSSO working for wired users - VPNSSO is working fine for wireless users. Finally the TAC told me it's not a supported config. But, according to Cisco DEs' it is supported and it should work. We are currently working with Cisco to resolve this issue. Stay tuned!


This Discussion