Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1835
Views
0
Helpful
1
Replies

F5 ISE integration

Go to solution
umahar
Cisco Employee
Cisco Employee

‎05-21-2019 06:02 AM

We have a customer who has F5 and PSNs in LTM mode but are doing an SNAT for incoming radius traffic hence all radius requests appear to come from the F5. This is because F5 and PSNs are separated by L3 and are not physically inline. 

 

However it is always recommended to not have SNAT for incoming radius traffic.

Is it possible to have F5 not be physically inline to the PSNs (F5 is not the default gateway of the PSNs) and still avoid SNAT for radius ?

 

F5 being physically inline to the PSNs as shown in the below guide has always worked for me.

 

https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159#toc-hId--500784889

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chyps
Level 1
Level 1

‎07-03-2019 06:38 PM

Yes, it is possible although does have some additional traffic engineering challenges.  More info in the F5-Cisco ISE Load Balancing Guide and in BRKSEC-3699 (Reference presentation) posted to CiscoLive.com.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
chyps
Level 1
Level 1

‎07-03-2019 06:38 PM

Yes, it is possible although does have some additional traffic engineering challenges.  More info in the F5-Cisco ISE Load Balancing Guide and in BRKSEC-3699 (Reference presentation) posted to CiscoLive.com.

0 Helpful
Customers Also Viewed These Support Documents
Top