I want to deploy NAC at a Central site to protect the main Servers and resources from remote sites that have multiple users/contractors. The remote site will have their own DCs and the users may log in locally and make use of local file repositories. I want to apply NAC when the user attempts to connect to resources that are located at the Central site.
Will the user at the remote site who has already logged into AD be prompted for login again by NAC, or can the NAC use the existing credentials of the user connection, e.g. SSO?
I'm not sure what you're trying to accomplish, but yes, NAC can use the existing credentials. I assume this is in-band NAC? It sounds like these users will only be going through NAC when they try to access these specific resources, is that right?
NAC will be able to use the credentials of the machine they are currently logged into the domain with. If they are logged in locally to a machine (not on a domain), they will get prompted for domain credentials by NAC.
You must configure a user on the domain(s) that will be able to perform the lookups on AD. This will be covered in the documentation.
When they connect to the central site via VPN or LAN, the NAC agent will pop up and automatically perform SSO if it can. If there are any issues or SSO fails, it will pop a dialog to have the user log in with the required credentials that you configured on the CAM.