NAC In-Band for AnyConnect Clients are not put in-band

Unanswered Question
Aug 27th, 2009
User Badges:

Hello!,


I am trying desperately to get this working and I know I am VERY close. The problem is AnyConnect users logon the ASA. They get authenticated through the CAS. They open a web page on the CAS. They get a redirect to the agent download. The agent installs. And thats it. Nothing else happens.


In my lab after the agent installs, then the user gets the NAC Agent GUI pop-up and they have to logon again to get to the network they want to get to.


That does not happen in my case. Here is a drawing of the setup. These users are ultimately trying to get to the Terminal Server Farm.


http:[email protected]/3862439726/sizes/o/


On the CAS I see them as VPN authorized. But the SSO piece does not seem to be working. I dont see them as In-Band. They are not forced into a role.


This may or not be something. Its from the CAS nac_server.log


I see this when an AnyConnect user logs in:


2009-08-27 15:28:50.636 -0400 WARN com.perfigo.wlan.jmx.admin.VPNUserManager - Failed to forward accounting request.Client Receive Exception: Packet Receive Failed (Receive timed out)


I dunno, but I am going nuts on this

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion