07-08-2020 01:41 AM
Hi,
We are setting up a load-balanced ISE PSN infrastructure using F5 LTM. The ISE nodes and the F5 internal interface are on the same VLAN, and the F5 external interface is on a different VLAN which. We have configured the infrastructure as described in the link below.
RADIUS packets originating from Firepower go to the F5, and the F5 passes the packets to the ISE PSNs, but the ISE nodes don't respond to the requests.
However, when we changed the RADIUS IP address on Firepower to the ISE PSN node IP address, the ISE PSN node responds to the requests.
Also, after the RADIUS process, the posture session needs to start.
Any ideas and up-to-date documents for integrating F5 and ISE PSN nodes?
Our topology is the same as shown below:
Thanks,
07-09-2020 08:32 AM
Hi @star btsistem ,
Please, on the link:
take a look at the LTM Forwarding IP Configuration - Inbound & LTM Forwarding IP Configuration - Outbound and double-check the configuration.
Note: on ISE > Operations > Troubleshoot > Diagnostic Tools > General Tools > TCP Dump you can double-check if you are receiving/sending any packets from/to F5.
Hope this helps,
Marcelo Morais
07-09-2020 11:13 PM
Hi,
We have configured our infra as stated at the link that you sent. Inbound & outbound forwarding definitions are also OK. But I have noticed that when we set the F5 VIP as RADIUS, the RADIUS packets are flagged as don't fragment. We will check it with the F5 guys.
Thanks,