11-06-2009 01:44 PM
Is it possible to deploy the CSS11501 in one arm design to loadbalance the authentication traffic Radius across CSACS servers which is on UDP 1645 or 1812 port, is it required to configure the NAT or not, if yes how can define the shared secret in the CSS. also tell me how to configure the keepalive for udp traffic in this scenario other then default icmp keep alive
11-09-2009 03:03 AM
1/ there is no udp probe.
2/ If you want to loadbalance radius traffic, you don't need to define radius on the CSS...we will just treat the traffic as udp flows.
3/ if you are in one-armed mode, you need to find a way to guarantee that response traffic goes back to the CSS...client-nat is usually the easiest solution but than the destination sees connection from a single source....another option is policy-based routing.
Gilles.
06-28-2011 09:07 AM
Hi Gilles,
I am having the same issue in one of my cases (with authentication done by servers for the clients). Can you send me any documents with CSS loadbalancer doing this policy based routing or can you share any idea how can I achieve this. The client-nat is not suited in our environment. It would be very helpful if you could share me some docs or ideas.
BR//
Adnan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide