We just migrated from ACS 4.0 for Windows to ACS 4.2 SE.
I'm wondering why anyone would want to make AAA traffic go through ACS if they could just make it authenticate against Windows AD directly through either LDAP or RADIUS.
Doesn't this create an extra hop and point of failure?
We're in hybrid mode of VPN solutions right now:
We have Cisco 3030 VPN concentrators that go through ACS.
We also have Juniper SSL VPN 6500s that authenticate against the domain controllers directly.
Both work equally well. (We can define which AD groups are allowed through VPN on the Juniper box.)
What's the point of having ACS?