07-01-2009 12:12 AM - edited 02-21-2020 04:16 PM
Hi all
I have been trying to setup a CAS as inline real IP gateway mode to support single sign on via a Cisco ASA running cisco vpn IPsec client.
CAS and CAM are running 4.5.1
I have followed the online guide to the letter (except for running the CAS in virtual gateway mode and doing vlan mapping)
My vpn authentication works on the ASA and radius is passed though the CAS to the ACS server just fine.
I did a tcpdump on both cas and cam and saw the Radius accounting packet be transmitted from the ASA to the CAS and then from the CAS to the CAM, so the radius accounting 'start' packet is being transmitted upon the user being authenticated on the vpn.
The problem is that the laptop attempting to access the network will not display the 'auto login' screen from the CCA agent, instead the CCA agent displays the authentication request screen for user and password details.
I also following the advice of this link with no success
(Known Issue for VPN SSO Following Upgrade to Release 4.5)
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/45rn.html#wp711526
So I'm now doubting myself as to whether the CAS can support SSO in real IP gateway mode.
Dale
Solved! Go to Solution.
07-01-2009 06:59 AM
i've set it up in real ip gw mode, but not in 4.5. it worked fine.
is this the guide you followed?
07-01-2009 06:59 AM
i've set it up in real ip gw mode, but not in 4.5. it worked fine.
is this the guide you followed?
07-02-2009 03:54 PM
Well I followed the guide you linked and got it to work, so thank you.
I originally followed this one, and had no success.
http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml
Both guides say pretty much say the same thing except for the vlan mapping.
Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide