CLEANACCESS Archives

November 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Resending: VPN SSO with CCA
From:
Mike Diggins <[log in to unmask]>
Reply To:
Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:
Thu, 23 Nov 2006 10:44:07 -0500
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (25 lines) 
I'll try again...

Is anyone using VPN Single-Sign-On with Clean Access in a configuration 
similar to this? I'm running CCA 3.6.4 in Virtual Gateway mode with my 
VLANS terminating on a Cisco 7206 Router.

                                           Internet
                                              |
Clients VLAN1 ----|----|----|------|	     |
"	VLAN2 ----| CCA|----|Router|---FW--Router--FW-Campus
"	VLAN3 ----|----|----|------|                   |
                                 |                      |
 		             VPN3030--------------------


I'd like my clients that need campus access to use the VPN path for added 
security but as it is, they need to authenticate twice, once for CCA, then 
again for VPN. The documented SSO examples all have a different scenario 
where the VPN is inline first, then the CCA. I don't see how to accomplish 
that in Virtual gateway mode. Is SSO even possible in this configuration?

Any help would be appreciated.

-Mike

ATOM RSS1 RSS2