Forum Discussion
Tacacs Remote address field not sent
Hello,
Our load balancers use Cisco ACS to authenticate network operators (TACACS protocol); some of the ACS policies are based on source IP. We realized BIG-IP is not sending the Remote address field, and that is why our ACS rules are not being applied. Any ideas for solving this problem? Version: 11.4.1 - 647.0
- TayF5unNimbostratus
I think you have deployed the F5 devices in one-arm mode, so you could not see the source IP.
- Guillaume_H_Nimbostratus
I think you can resolve this problem with an iRule. You can add the remote address field in the payload.
- matm_58717Nimbostratus
Hi,
I don't think it is possible with an iRule, because an iRule is associated with a VS and the TACACS service is for authenticating administrator users.
The question is whether the F5 can be configured to allow sending the client's IP to TACACS. I am trying, and the default behavior is that it does not send it.
Best Regards
- nizgeek_308659Nimbostratus
For the TACACS servers, please add a custom management route. It will resolve this issue. You may need to allow the F5 management IP and the TACACS servers' IPs in firewalls if there are any firewalls in the path.
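
To confirm from a packet capture whether an authentication START packet carries the remote address the ACS rules depend on, the `rem_addr` field can be decoded directly. This is an added example, not part of the thread and not F5 or Cisco code; it follows the TACACS+ packet layout in RFC 8907, and the shared secret, session ID, user, port and address are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_AUTHEN = 0x01            # header type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body sent in the clear

def _pad(sid, key, version, seq_no, length):
    """MD5 pseudo-pad used for TACACS+ body obfuscation (RFC 8907)."""
    base, pad, last = sid + key + bytes([version, seq_no]), b"", b""
    while len(pad) < length:
        last = hashlib.md5(base + last).digest()
        pad += last
    return pad[:length]

def _xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))

def build_authen_start(session_id, key, user, port, rem_addr):
    """Build a constructed authentication START packet (sample input only)."""
    # action=LOGIN, priv_lvl=1, authen_type=ASCII, authen_service=LOGIN, 4 lengths
    body = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    body += user + port + rem_addr
    version, seq_no, sid = 0xC0, 1, struct.pack("!I", session_id)
    body = _xor(body, _pad(sid, key, version, seq_no, len(body)))
    return struct.pack("!BBBB4sI", version, TAC_PLUS_AUTHEN, seq_no, 0, sid, len(body)) + body

def parse_authen_start(packet, key):
    """Return user, port and rem_addr from an authentication START packet."""
    version, ptype, seq_no, flags, sid, length = struct.unpack("!BBBB4sI", packet[:12])
    body = packet[12:12 + length]
    if ptype != TAC_PLUS_AUTHEN or seq_no != 1:
        raise ValueError("not an authentication START packet")
    if len(body) != length or length < 8:
        raise ValueError("truncated body")
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = _xor(body, _pad(sid, key, version, seq_no, length))
    user_len, port_len, rem_len, data_len = body[4:8]
    if 8 + user_len + port_len + rem_len + data_len != length:
        raise ValueError("length mismatch (wrong shared secret?)")
    port_off = 8 + user_len
    rem_off = port_off + port_len
    return {"user": body[8:port_off].decode(), "port": body[port_off:rem_off].decode(),
            "rem_addr": body[rem_off:rem_off + rem_len].decode()}

if __name__ == "__main__":
    key = b"constructed-secret"  # constructed sample values, not from the thread
    for addr in (b"192.0.2.10", b""):
        pkt = build_authen_start(0x1234ABCD, key, b"operator", b"tty0", addr)
        print(parse_authen_start(pkt, key)["rem_addr"] or "<rem_addr empty>")
```

An empty `rem_addr` in the decoded packet matches the behavior described in the thread: the server has no client address to evaluate against source-IP policies.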