NADs behind NAT HIDE

Andrius Selau de Lima — Tue, 09 Apr 2019 21:02:24 GMT

Hello All,

Is it possible to the NADs to do tacacs authentication behind a NAT HIDE?

I have several devices in a site in old fashion way IP addressing out of RFC1918 and it must use NAT. It will use a single IP to arrive in datacenter.
Soon I'll arrange it.

Someone know if it could working fine?

Kind Regards,

Re: NADs behind NAT HIDE

Sathiyanarayanan Ravindran — Wed, 10 Apr 2019 03:31:03 GMT

NAT IP address can be configured as a NAD in ISE. But in your scenario you have multiple devices NATTED with Single IP. If you have multiple vendor device operating on your environment then the authorization profile will get collapsed. Single authorization policy will be applicable for those devices.

If you have single vendor you can configure the NAT IP as NAD in ISE and create authorization profile accordingly.

Note: Based on the concept, Not tested any where.

topic Re: NADs behind NAT HIDE in Network Access Control

NADs behind NAT HIDE

Re: NADs behind NAT HIDE