Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC SSO vpn: is CAS Real-IP mode supported ?

Hi all

I have been trying to setup a CAS as inline real IP gateway mode to support single sign on via a Cisco ASA running cisco vpn IPsec client.

CAS and CAM are running 4.5.1

I have followed the online guide to the letter (except for running the CAS in virtual gateway mode and doing vlan mapping)

My vpn authentication works on the ASA and radius is passed though the CAS to the ACS server just fine.

I did a tcpdump on both cas and cam and saw the Radius accounting packet be transmitted from the ASA to the CAS and then from the CAS to the CAM, so the radius accounting 'start' packet is being transmitted upon the user being authenticated on the vpn.

The problem is that the laptop attempting to access the network will not display the 'auto login' screen from the CCA agent, instead the CCA agent displays the authentication request screen for user and password details.

I also following the advice of this link with no success

(Known Issue for VPN SSO Following Upgrade to Release 4.5)

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/45rn.html#wp711526

So I'm now doubting myself as to whether the CAS can support SSO in real IP gateway mode.

Dale

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: NAC SSO vpn: is CAS Real-IP mode supported ?

i've set it up in real ip gw mode, but not in 4.5. it worked fine.

is this the guide you followed?

http://www.cisco.com/en/US/partner/docs/security/nac/appliance/configuration_guide/45/cas/s_vpncon.html

2 REPLIES
Gold

Re: NAC SSO vpn: is CAS Real-IP mode supported ?

i've set it up in real ip gw mode, but not in 4.5. it worked fine.

is this the guide you followed?

http://www.cisco.com/en/US/partner/docs/security/nac/appliance/configuration_guide/45/cas/s_vpncon.html

New Member

Re: NAC SSO vpn: is CAS Real-IP mode supported ?

Well I followed the guide you linked and got it to work, so thank you.

I originally followed this one, and had no success.

http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml

Both guides say pretty much say the same thing except for the vlan mapping.

Thanks again.

259
Views
0
Helpful
2
Replies
CreatePlease to create content