ā12-13-2015 08:33 PM - edited ā03-10-2019 11:19 PM
Hi everyone,
Hopefully someone who has successfully used a Citrix NetScaler for load balancing requests for ISE can help, it seems a lot of the documentation such as Cisco Live slides are based around using F5 as a load balancer.
I have a pretty solid load balancing setup using Citrix NetScaler 10.5, however it only works correctly if I use source address translation (SNAT), which is against best practice recommended in slides and means all the radius requests within ISE appear to come from the NetScaler. If I disable source SNAT, ISE does correctly respond to radius messages (confirmed by packet capture) but the access switch (3850) doesn't appear to get anything.
If I set the switch to use the ISE policy nodes directly, it works fine so there is definitely connectivity between the ISE policy nodes and the switch.
Any ideas?
Thanks
ā03-11-2016 11:17 PM
Hello Mark,
Did you get to resolve this problem? I have exactly same problem
thanks
ā03-12-2016 12:11 AM
Hi chidex123,
Unfortunately no. I did find some configuration with the NetScaler that needed to be made, but it would have an impact on the existing load balancers that were set up for other applications so I didn't move ahead with it.
I have radius failover configured on the NAD itself, I have half of my deployment favouring one policy node with the other half favouring the other policy node to imitate some form of load balancing.
Mark
ā10-21-2022 07:28 PM
User netscaler SNIP as default gateway on ISE server
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide