CAS behind NAT

fouzi
Level 1

Hi,

I have a setup with one CAM, one CAS and a firewall between them. There is also NAT in place.

I changed the required things like in the configuration guide.

After the changes, I'm able to connect the CAM with the CAS. But after a reboot of the CAS the connection is broken and cannot be "repaired" because the CAM tries to connect to the original IP and not to the NAT IP which it was connected to earlier. I can only "repair" the connection when I delete the CAS on the CAM and reinitiate the connection.

Fouzi,

Were you able to get this issue resolved? I'm having the same problem with a firewall and NAT between CAM and CAS.

Thanks,

Hi,

Have you followed the steps as defined in the following link?

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cas/s_instal.html#wp1045119

- SSH to the CAS or use a serial console to login as root.

- Restart the service with "service perfigo restart".

- Verify whether the file exists with the following

[root@XYZ bin]# cat /perfigo/agent/bin/startagent

Thanks for your quick response!

I went through and double checked the restartweb and starttomcat files in /perfigo/access/bin. They both contain the -Djava.rmi.servere.host=(my CAS name). I have also verified that the hosts file on the CAM in /etc/ has the public IP and hostname of the CAS. I then restarted the perfigo services on the CAS. So, everything appears to be in place, and I didn't lose connectivity with the CAS after restarting the perfigo services, but if I reboot the CAS, I will.

Thanks again for your response. It seems the issue has gone away. I'm able to reconnect to the CAS after a reboot!

Thanks,

- William