I currently have ASA VPN that is cofigured to work with NAC inline mode with Virtual GW and CCA using Single Sign On and Active Directory via a MS IAS server. Everything works fine. We want to have vendors use this solution as well but do not want to give them AD accounts. We would like the Vendor to connect to VPN but since there is no AD account they must authentcate to teh NAC local database but this is not working. We want to move away from users have local ASA VPN accounts to using the VPN through the ASA but using SSO and the NAC. Can this be done without creating Active Directory Accounts for the Vendors?
I have this problem too.