cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

168
Views
3
Helpful
2
Replies
Highlighted
Cisco Employee

CWA with guest users sitting behind NAT/PAT

Hello,

Does anyone see any problem with a setup where the wireless guest users are being (source) NAT/PAT-ed on the way towards the PSN for CWA?

So, just to make it clear: it is the IP addresses of the guest devices that get NAT/PAT-ed, not the PSN address.

I think this should work fine, as the PSN shouldn't care what IP the client appears to be connecting from, as long as the URL contains the correct session ID.

Could someone please confirm, though?

Also, a follow-up question: what will ISE log as the IP address for that guest client - the actual client IP or the NAT/PAT IP?

I suspect it is the former, as that is what the WLC will send to ISE in the RADIUS packets, but can someone please confirm this as well?

Thanks!

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CWA with guest users sitting behind NAT/PAT

Please see response in community already answered - https://communities.cisco.com/thread/85256?start=0&tstart=0

The ip address in ISE logs is the actual client IP learned from the network access side of things (wireless controller)

2 REPLIES 2
Cisco Employee

Re: CWA with guest users sitting behind NAT/PAT

Please see response in community already answered - https://communities.cisco.com/thread/85256?start=0&tstart=0

The ip address in ISE logs is the actual client IP learned from the network access side of things (wireless controller)

Cisco Employee

Re: CWA with guest users sitting behind NAT/PAT

Oh!

And I did search for it beforehand (obviously, not well enough).

Thanks for the answers, Jason!