I want to provide my users with a single sign-on experience from Windows/AnyConnect so that Active Directory can process GPOs, logon scripts, password updates, etc. But I cannot get SSO to work.
The only way I have been able to get this to work is if the user manually invokes the connection via the "Network Connect" icon on the sign-on screen first and then signs on to the computer. I was under the impression that with the PLAP we could simply log in and the VPN would connect first and then process the login with Active Directory.
Is this correct? If so, what am I missing?
I have set up a Windows 7 client and ASA (8.4(1)) as per the instructions given in the client administration guide. I have tried using certificates and a simple AAA authentication method. I can get either method to work manually but not by simply clicking the username from the sign-on screen and logging in with their password. I do see the little AnyConnect icon next to each username on the sign-on screen.
Any help would be appreciated.
As far as SBL is concerned, in the case of Windows Vista and Windows 7, it uses the PLAP feature. The following is a link for more information:
Please find the following link for SBL, in the case of Windows 7, with screenshots:
So we need to click the network connect icon for SBL to work.
I hope it helps.