NAC In-Band for AnyConnect Clients are not put in-band

Unanswered Question
Aug 27th, 2009
User Badges:


I am trying desperately to get this working and I know I am VERY close. The problem is AnyConnect users logon the ASA. They get authenticated through the CAS. They open a web page on the CAS. They get a redirect to the agent download. The agent installs. And thats it. Nothing else happens.

In my lab after the agent installs, then the user gets the NAC Agent GUI pop-up and they have to logon again to get to the network they want to get to.

That does not happen in my case. Here is a drawing of the setup. These users are ultimately trying to get to the Terminal Server Farm.

http:[email protected]/3862439726/sizes/o/

On the CAS I see them as VPN authorized. But the SSO piece does not seem to be working. I dont see them as In-Band. They are not forced into a role.

This may or not be something. Its from the CAS nac_server.log

I see this when an AnyConnect user logs in:

2009-08-27 15:28:50.636 -0400 WARN com.perfigo.wlan.jmx.admin.VPNUserManager - Failed to forward accounting request.Client Receive Exception: Packet Receive Failed (Receive timed out)

I dunno, but I am going nuts on this

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion