Forum Discussion
ken_wolff_10732
Nimbostratus
NimbostratusSnatted address replacement
Is there a way to retain the actual client address and replace the snatted address with the actual client address when responding back to the client? I need the snat, but want to tell the client the a...
ken_wolff_10732Nimbostratus
NimbostratusThe client is doing an 802.1x (PEAP) authentication via radius servers to the domain controller. So the sequence is laptop request>Cisco Switch>BigIP>Radius>active directory. The problem comes in when the radius is not local (is not on the internal VLAN). The request has to be snatted to go to a remote radius. The radius log entry then shows a snatted address for the Cisco Switch i.e. a generic address instead of a specific address. This is a security issue.
I would like to find a way to capture the Switch address, and send that to the radius instead of the snat address. If that could work, then we could use remote radius servers. Hope that is clearer. Thanks, Ken
