ASA RSA and now NAC

Unanswered Question
Aug 27th, 2009
User Badges:

Hello All,


I've installed an ASA5540 which is happily terminating SSL VPNs, both AnyConnect and the WebVPN type.


Now the customer wants to add an RSA SecurID token based authentication server that will integrate with the AD. Users will enter their name and pin and the ASA will push this to the RSA server which in turn will pull user information from the AD controllers.


All fine, but now we'll also have to add a NAC manager and server.


My question is, once the users get the ok from RSA/AD servers, will they then need to enter their username/passwords again to get approved by the NAC, which also needs to talk to AD?



I've seen SSO mentioned but what is the flow?


ASA -> RSA -> AD

and

ASA -> NAC -> AD


Also, can I put the NAC server on the same LAN as the ASA inside, without actually putting it in-line (more subnet hassle) and configure it to go in and out the same interface?


Any help appreciated.


Cheers Tony

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion