
Problem With VPN SSO - NAC Inband VGW

ecamposvr
Level 1

I have a problem with VPN SSO in NAC Inband VGW. Everything is configured, but:

- CAA requests a username and password after the VPN connection.

- Users don't appear in "Active Clients".

# ASA Configuration

Authentication/Authorization: ACS

Accounting: CAS

# CAS Configuration

VPN Concentrator: ASA

Accounting Server: ACS

Mapping: ASA <> ACS

In addition to the CAA requesting a username and password, it keeps opening all the time after the first login.


Faisal Sehbai
Level 7

Eduardo,

Sorry I couldn't get to these before. I'll look at the data and post here later.

Thanks,

Faisal

I have an update for this case:

- CAA requests a username and password after the VPN connection.

(Solved) VPN SSO is being done.

- Users don't appear in "Active Clients".

(Solved) VPN users appear in "Active Clients". I changed the ASA's IP address in CAS > VPN Auth > VPN Concentrator.

The only problem now is that the CCA opens from time to time. The interval varies according to how I change the "Agent VPN Detection Delay" in VPN Auth.

Do you have any idea what it could be?

Hi, Eduardo!

I had the same problem with CAA.

I fixed it by setting SwiftTimeout in the registry (HKEY_CURRENT_USER\Software\Cisco\Clean Access Agent\). This solution only works in NAC versions <= 4.5.

In 4.7 you need to edit the NACAgentCFG.xml file.

I hope it helps you.

SwiftTimeout or SwissTimeout? Tell me, how should I put it there?

I realized that when the VPN user authenticates (SSO), NAC adds them to the certified devices, but the "User MAC" is the physical adapter and not the VPN adapter.

Of course it's swisstimeout! I'm sorry!

Which NAC version do you have?

If you have 4.5.1 please read page C-3 from "Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide Release 4.5(1)".

I think MAC address is OK!

I think that CCA sends all MACs from the computer, but puts only the first one in the Certified Devices List.

No problem.... I have NAC 4.7.2.

I tried to add swisstimeout in the CCA XML, but it did not work.

ecamposvr
Level 1

Solved! As requested by the TAC engineers, the VPN pool was removed from "Managed Networks."
