I can't see how this will ever work Angela. The Cisco VPN authentication mechanism is using LDAP or Radius, where as to authenticate to Windows you will need to use Kerberos authentication. I have no idea about your environment, and it depends what else you are using the Cisco VPN Client for. But instead of using the Cisco VPN Client to encrypt your session, why don't you place a Citrix Secure Gateway in your DMZ. Then users will just need to authenticate once, and this will support two source? The other advantage of this is that you don't have the overhead of an encryption tunnel. Cheers. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 1, 1060 Hay Street West Perth WA 6005 Postal: PO Box 525, West Perth WA 6872 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 P: (Reception) +61 8 9261 8420 E-mail: M: TBA jeremy.saunders@xxxxxxxxxxx From: Angela Smith <angela_smith9@xxxxxxxxxxx> To: <thin@xxxxxxxxxxxxx> Date: 28/02/2008 05:59 PM Subject: [THIN] Cisco ASA / WI authentication passthru We currently have a Cisco ASA VPN which we use for Remote Access. We do two factor RSA authentication on the VPN. Once authenticated, the VPN automatically launches our Web Interface server. Users then authenticate to AD and all works fine. I want to add an AD password field to the Cisco VPN (which I can do) and am hoping I can pass this information thru to the Web Interface. How do I tell the Web Interface to read the userid and AD password fields so users are not prompted for AD credentials? Can this be done? THanks Listen now! New music from the Rogue Traders. ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************