cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

135
Views
5
Helpful
1
Replies
Beginner

NADs behind NAT HIDE

Hello All,

Is it possible to the NADs to do tacacs authentication behind a NAT HIDE?

I have several devices in a site in old fashion way IP addressing out of RFC1918 and it must use NAT. It will use a single IP to arrive in datacenter.
Soon I'll arrange it.

Someone know if it could working fine?

 

Kind Regards,

 

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: NADs behind NAT HIDE

NAT IP address can be configured as a NAD in ISE. But in your scenario you have multiple devices NATTED with Single IP. If you have multiple vendor device operating on your environment then the authorization profile will get collapsed. Single authorization policy will be applicable for those devices.

 

If you have single vendor you can configure the NAT IP as NAD in ISE and create authorization profile accordingly.

 

Note: Based on the concept, Not tested any where.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
1 REPLY 1
Highlighted

Re: NADs behind NAT HIDE

NAT IP address can be configured as a NAD in ISE. But in your scenario you have multiple devices NATTED with Single IP. If you have multiple vendor device operating on your environment then the authorization profile will get collapsed. Single authorization policy will be applicable for those devices.

 

If you have single vendor you can configure the NAT IP as NAD in ISE and create authorization profile accordingly.

 

Note: Based on the concept, Not tested any where.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)