06-24-2019 11:53 AM
If ISE is installed behind a load balancer, with the load balancer as the default gateway, will the source IP of the device be still kept?
Solved! Go to Solution.
06-24-2019 04:44 PM
short answer is yes, if the load balancer is not doing Source NAT'ing.
If the load balancer is doing Source NATing, then it's changing the IP packet header and putting its own IP address as the source of the traffic. Hence, you lose the "origin" of the traffic. You can still glean the origin via the NAS IP Address field in the RADIUS packet. But ISE doesn't use that field. It uses the IP/UDP Source IP Address.
06-24-2019 12:36 PM
06-24-2019 12:41 PM
06-24-2019 04:44 PM
short answer is yes, if the load balancer is not doing Source NAT'ing.
If the load balancer is doing Source NATing, then it's changing the IP packet header and putting its own IP address as the source of the traffic. Hence, you lose the "origin" of the traffic. You can still glean the origin via the NAS IP Address field in the RADIUS packet. But ISE doesn't use that field. It uses the IP/UDP Source IP Address.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide