Swilky
Apr 26, 2020 · Nimbostratus
SNAT 1:1 - Map client public IP to nat pool IP
I have a situation where we have a BIG-IP F5 load balancer in front of an MS RRAS server acting as a VPN concentrator. When a user connects to the VPN, the RADIUS auth is proxied through a Cisco ISE instance to tie the user to an IP address; this allows us to create identity-based firewall rules. The problem is that at the moment RRAS is seeing all clients coming from the load balancer because we have SNAT enabled. In Cisco ISE you can only have one active session per endpoint ID, and all users are coming through as the same endpoint ID (the F5's internal SNAT address).
So my question: is it possible to set up SNAT in a way that each client will come from a unique SNAT address from a SNAT pool?