Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
456
Views
0
Helpful
2
Replies

NAC SSO vpn: is CAS Real-IP mode supported ?

Go to solution
koeppend
Level 4
Level 4

‎07-01-2009 12:12 AM - edited ‎02-21-2020 04:16 PM

Hi all

I have been trying to setup a CAS as inline real IP gateway mode to support single sign on via a Cisco ASA running cisco vpn IPsec client.

CAS and CAM are running 4.5.1

I have followed the online guide to the letter (except for running the CAS in virtual gateway mode and doing vlan mapping)

My vpn authentication works on the ASA and radius is passed though the CAS to the ACS server just fine.

I did a tcpdump on both cas and cam and saw the Radius accounting packet be transmitted from the ASA to the CAS and then from the CAS to the CAM, so the radius accounting 'start' packet is being transmitted upon the user being authenticated on the vpn.

The problem is that the laptop attempting to access the network will not display the 'auto login' screen from the CCA agent, instead the CCA agent displays the authentication request screen for user and password details.

I also following the advice of this link with no success

(Known Issue for VPN SSO Following Upgrade to Release 4.5)

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/45rn.html#wp711526

So I'm now doubting myself as to whether the CAS can support SSO in real IP gateway mode.

Dale

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
srue
Level 7
Level 7

‎07-01-2009 06:59 AM

i've set it up in real ip gw mode, but not in 4.5. it worked fine.

is this the guide you followed?

http://www.cisco.com/en/US/partner/docs/security/nac/appliance/configuration_guide/45/cas/s_vpncon.html

View solution in original post

0 Helpful
2 Replies 2

Go to solution
srue
Level 7
Level 7

‎07-01-2009 06:59 AM

i've set it up in real ip gw mode, but not in 4.5. it worked fine.

is this the guide you followed?

http://www.cisco.com/en/US/partner/docs/security/nac/appliance/configuration_guide/45/cas/s_vpncon.html

0 Helpful

Go to solution
koeppend
Level 4
Level 4
In response to srue

‎07-02-2009 03:54 PM

Well I followed the guide you linked and got it to work, so thank you.

I originally followed this one, and had no success.

http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml

Both guides say pretty much say the same thing except for the vlan mapping.

Thanks again.

0 Helpful
Customers Also Viewed These Support Documents