Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAC Inband for VPN with SSO Auth

Hi,

I am looking to introduce SSO into a NAC Deployment for remote access and wanted to check if this situation would work.  Ok, basic setup is Cisco IPSEC VPN with NAC inband after the ASA where the VPN is terminated.  NAC is running 4.1.3(to be upgraded).

The Sequence of events I would like to happen are as follows:

User logs into laptop at home with cached domain credentials

User then logs into Cisco vpn client via wifi or 3g with only pin code authentication

Login credentials from laptop login to be passed to NAC for SSO authentication

Is this a valid solution or would it only work if the VPN client was using AD credentials and have those passed to NAC?

Cheers

Brian

  • AAA Identity and NAC
1 REPLY

NAC Inband for VPN with SSO Auth

Brian,

If you can get the vpn authentication to work via radius that is the your only option for SSO. The piece that makes this work is radius accounting. If you are not using radius then VPN SSO will not work and you can use ADSSO where that feature uses kerberos and the client has to be registered to the domain.

Let me know if you are using radius to authenticate the users or not.

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
248
Views
0
Helpful
1
Replies