11-14-2017 11:52 AM
Hello,
Does anyone see any problem with a setup where the wireless guest users are being (source) NAT/PAT-ed on the way towards the PSN for CWA?
So, just to make it clear: it is the IP addresses of the guest devices that get NAT/PAT-ed, not the PSN address.
I think this should work fine, as the PSN shouldn't care what IP the client appears to be connecting from, as long as the URL contains the correct session ID.
Could someone please confirm, though?
Also, a follow-up question: what will ISE log as the IP address for that guest client - the actual client IP or the NAT/PAT IP?
I suspect it is the former, as that is what the WLC will send to ISE in the RADIUS packets, but can someone please confirm this as well?
Thanks!
Solved! Go to Solution.
11-14-2017 12:04 PM
Please see response in community already answered - https://communities.cisco.com/thread/85256?start=0&tstart=0
The ip address in ISE logs is the actual client IP learned from the network access side of things (wireless controller)
11-14-2017 12:04 PM
Please see response in community already answered - https://communities.cisco.com/thread/85256?start=0&tstart=0
The ip address in ISE logs is the actual client IP learned from the network access side of things (wireless controller)
11-14-2017 12:10 PM
Oh!
And I did search for it beforehand (obviously, not well enough).
Thanks for the answers, Jason!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide