topic F5 ISE integration in Network Access Control https://community.cisco.com/t5/network-access-control/f5-ise-integration/m-p/3860109#M472802 <P>We have a customer who has F5 and PSNs in LTM mode but are doing an SNAT for incoming radius traffic hence all radius requests appear to come from the F5. This is because F5 and PSNs are separated by L3 and are not physically inline.&nbsp;</P> <P>&nbsp;</P> <P>However it is always recommended to not have SNAT for incoming radius traffic.</P> <P>Is it possible to have F5 not be physically inline to the PSNs (F5 is not the default gateway of the PSNs) and still avoid SNAT for radius ?</P> <P>&nbsp;</P> <P>F5 being physically inline to the PSNs as shown in the below guide has always worked for me.</P> <P>&nbsp;</P> <P><A href="https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159#toc-hId--500784889" target="_blank">https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159#toc-hId--500784889</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 21 May 2019 13:02:17 GMT umahar 2019-05-21T13:02:17Z F5 ISE integration https://community.cisco.com/t5/network-access-control/f5-ise-integration/m-p/3860109#M472802 <P>We have a customer who has F5 and PSNs in LTM mode but are doing an SNAT for incoming radius traffic hence all radius requests appear to come from the F5. This is because F5 and PSNs are separated by L3 and are not physically inline.&nbsp;</P> <P>&nbsp;</P> <P>However it is always recommended to not have SNAT for incoming radius traffic.</P> <P>Is it possible to have F5 not be physically inline to the PSNs (F5 is not the default gateway of the PSNs) and still avoid SNAT for radius ?</P> <P>&nbsp;</P> <P>F5 being physically inline to the PSNs as shown in the below guide has always worked for me.</P> <P>&nbsp;</P> <P><A href="https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159#toc-hId--500784889" target="_blank">https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159#toc-hId--500784889</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 21 May 2019 13:02:17 GMT https://community.cisco.com/t5/network-access-control/f5-ise-integration/m-p/3860109#M472802 umahar 2019-05-21T13:02:17Z Re: F5 ISE integration https://community.cisco.com/t5/network-access-control/f5-ise-integration/m-p/3884428#M472805 <P>Yes, it is possible although does have some additional traffic engineering challenges.&nbsp; More info in the F5-Cisco ISE Load Balancing Guide and in BRKSEC-3699 (Reference presentation) posted to CiscoLive.com.</P> Thu, 04 Jul 2019 01:38:55 GMT https://community.cisco.com/t5/network-access-control/f5-ise-integration/m-p/3884428#M472805 chyps 2019-07-04T01:38:55Z