Just for clarification, I attached a quick sketchup. Is this somewhat the topology you had in mind?
If so, then you should be able to use CAS 2 for the ASA and WAN router. The NAC agents installed in the remote locations should have a discovery host in the trusted network, and you have to force the incoming traffic through the CAS. But it should be possible as far as I can see.
The only thing to keep in mind is the 1Gbit throughput limit on the CAS; depending on the amount of traffic coming from remote sites and VPN users, it may or may not be an issue.