topic ISE setup using a Load balancer in Network Access Control https://community.cisco.com/t5/network-access-control/ise-setup-using-a-load-balancer/m-p/3441919#M521357 <HTML><HEAD></HEAD><BODY><P>We want to setup ISE PSNs behind a loadbalancer( Netscaler or F5). For COA, do we need to add default route on PSNs towards loadbalancer IP? How should we route traffic from PSNs if we are using SNAT, i.e. default route should be towards ? If we are using SNAT, how will PSN determine the IP of NAD device? I am not sure of ISE 2.3, but till ISE 2.2, ISE doesn't have the capability to get the real NAD IP from Radius header. It uses the IP header info to determine the NAD IP.</P><P></P><P>I see some documents mentioning SNAT is possible for COA? But I don't see how it works?</P><P></P><P>Any suggestions/links will be really appreciable...</P></BODY></HTML> Fri, 22 Sep 2017 13:29:38 GMT manoj.k@pwc.com 2017-09-22T13:29:38Z ISE setup using a Load balancer https://community.cisco.com/t5/network-access-control/ise-setup-using-a-load-balancer/m-p/3441919#M521357 <HTML><HEAD></HEAD><BODY><P>We want to setup ISE PSNs behind a loadbalancer( Netscaler or F5). For COA, do we need to add default route on PSNs towards loadbalancer IP? How should we route traffic from PSNs if we are using SNAT, i.e. default route should be towards ? If we are using SNAT, how will PSN determine the IP of NAD device? I am not sure of ISE 2.3, but till ISE 2.2, ISE doesn't have the capability to get the real NAD IP from Radius header. It uses the IP header info to determine the NAD IP.</P><P></P><P>I see some documents mentioning SNAT is possible for COA? But I don't see how it works?</P><P></P><P>Any suggestions/links will be really appreciable...</P></BODY></HTML> Fri, 22 Sep 2017 13:29:38 GMT https://community.cisco.com/t5/network-access-control/ise-setup-using-a-load-balancer/m-p/3441919#M521357 manoj.k@pwc.com 2017-09-22T13:29:38Z Re: ISE setup using a Load balancer https://community.cisco.com/t5/network-access-control/ise-setup-using-a-load-balancer/m-p/3441920#M521361 <HTML><HEAD></HEAD><BODY><P>Did you look at our F5 doc in the community?</P><P></P><P>https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=1&amp;cad=rja&amp;uact=8&amp;ved=0ahUKEwiI84nd9LjWAhXB54MKHaDTB7QQFgg0MAA&amp;url=https%3A%2F%2Fcommunities.cisco.com%2Fdocs%2FDOC-68198&amp;usg=AFQjCNGkPpG_T9t2A8hsHRgz73zTxMFqig</P></BODY></HTML> Fri, 22 Sep 2017 13:37:10 GMT https://community.cisco.com/t5/network-access-control/ise-setup-using-a-load-balancer/m-p/3441920#M521361 Jason Kunst 2017-09-22T13:37:10Z