Is it possible to provide a single sign on service for virtual HTTP on an FWSM, where I have ACS 4.2 and win2k8 domain?
The application is to allow a client full access to the secure network (inside) behind the FWSM where the client is on a wireless network on the outside (untrusted) side of the FWSM. The wireless network is not a public network, but is not considered a trusted network. And the client wants access to all applications on different subnets on the inside, which means a big hole in the FWSM.
My first recommendation is for a VPN, but no money for a VPN termination device is available.
So, my next thought was to provide Virtual HTTP to authenticate the user, then they can get access from outside to inside on the FWSM.
Once on the network they would need to log in to their domain, which would be a second login process. Is it possible to do both authentication steps in one go? Ideally I'd like the user to be able to use their AD credentials to allow authentication for both Virtual HTTP and AD login in one go.
I don't know enough about the ACS/AD integration to answer this question, but so far I think it's not possible. Or could I do this another way?