I have implemented a NAC solution for Remote Users. The CAS appliance in configured in-band invirtual gateway mode.
I have followed all the steps listed in http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml
Remote users can log in succeffuly using cisco vpn software and they can ping the NAS but not the DNS (the ASA offer the IP@ but not the DNS i dont know why).
When I access the NAS, I can download the NAC Agent but VPN SSO is not performed and the Agent asks me to log in using LOCAL DB.
Any help please,
For VPN SSO to work, you have to send the accounting packet to the CAS. The CAS can in turn send that to the ACS if you require accounting also be done on the ACS, but for SSO to work, the accounting has to hit the CAS.