Forum Discussion
Cisco ISE Load Balancing
HI,
From previous experiance BIG-IP really doesn't like having the MGMT interface and the TMM interfaces on the same subnet. So this may be your first issue.
It's also worth checking the self-ip protection settings to make sure you are allowing the traffic in to that interface.
Radius is UDP, so stateful firewalling wont be able to expect the traffic to be coming back in.
Also check your mgmt routing and the TMM routing.
The mgmt routing info can be found here: https://my.f5.com/manage/s/article/K15040 https://my.f5.com/manage/s/article/K13284
What you may need to do is put a specific route on the Config utility to force the traffic to the ISE interface, this is independant to the management interface routing.
Can you get comms from the 10. network to the 192. network?
I did added a default route to existing vlan of f5 vip. The monitoring traffic works fine but when the auth traffic is routed via the vip no replies are seen from ISE for that traffic.
Still trying to experiment the best practice for ISE load balancing traffic. Is there a way we can deploy COA for no Automap , SNAT is the only best practice to be used till date.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com