I've installed an ASA5540 which is happily terminating SSL VPNs, both AnyConnect and the WebVPN type.
Now the customer wants to add an RSA SecurID token-based authentication server that will integrate with the AD. Users will enter their name and PIN and the ASA will push this to the RSA server, which in turn will pull user information from the AD controllers.
All fine, but now we'll also have to add a NAC manager and server.
My question is, once the users get the OK from the RSA/AD servers, will they then need to enter their usernames/passwords again to get approved by the NAC, which also needs to talk to AD?
I've seen SSO mentioned but what is the flow?
ASA -> RSA -> AD
ASA -> NAC -> AD
Also, can I put the NAC server on the same LAN as the ASA inside, without actually putting it in-line (more subnet hassle) and configure it to go in and out the same interface?
Any help appreciated.