
NAC is not ready for L3 OOB

mchockalingam
Level 1

This is what I think after spending a few weeks trying to load balance the traffic using 3 CAS servers for L3 OOB mode.

I understand the need of PBR or ACL to force the traffic from auth VLAN to the untrusted side of the CAS.

Once the CAS is selected, the CAS server should be able to perform NAT (or PAT) to change the source address to the trusted side address so that the return traffic will come back to the right CAS and there is no need to do PBR for the return traffic from DNS or to apply class maps to the ACE etc.

Why can't Cisco make it easier by doing NAT on the trusted side and all we have to do is take care of the load balancing on the untrusted side?

Unless Cisco does this, I do not think the L3 OOB is ready for enterprises in my opinion.

Meena

1 Reply

jideji
Cisco Employee

Are you asking to do NAT on the trusted side of the CAS itself? I think this can be a good feature request. Please run this by your account. Thanks.
