Forum Discussion
UDP Source IP
Hi
I am loadbalancing Cisco ISE Policy Servers.
Load balancing is functioning as desired and everything is working. I have now been asked that the Security Team need to see the IP address of the source device, whereas currently they are seeing the SNAT IP. I unfortunately cannot disable the SNAT Pool settings.
With a normal HTTP profile I can enable the X-Forwarded-For option to pass the source IP, but with UDP I don't have this option. Any ideas on how I can get the source IP address passed on to the Cisco Policy Servers while using a UDP profile?
Thanks
3 Replies
- IheartF5_45022
Nacreous
Hi,
If it's RADIUS packets you are talking about, the best solution would be to request the NAS devices to insert the NAS-IP-Address av-pair in the packet, so you don't have to do anything. Otherwise then yes you can add data to a UDP packet, but it would have to be in a format that would be meaningful to the end devices - have the security team specified exactly what they want you to add?
- Sulaiman_85782
Nimbostratus
All they want to see is the source IP address of the device that is making the connection. Currently they are getting the SNAT IPs in their logs.
- IheartF5_45022
Nacreous
Is it RADIUS? Unless it's a protocol that natively includes an optional IP address field as RADIUS does, then you're unlikely to be able to squish one in without confusing a downstream system.
Another option would be for the F5 to log packet details including source IP off to an event correlation system or some such...
Only other thing is to insert the F5 into the data path so that SNAT is not required.
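
Added example, not part of the original thread or anyone's posted code: a small Python parser that reads the NAS-IP-Address attribute (type 4 in RFC 2865) out of a RADIUS datagram, so a log record can carry both the UDP source the server sees (the SNAT address) and the address the NAS reported. The function names, the sample packet and the addresses 10.0.0.5 and 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4   # RFC 2865 attribute type
HEADER_LEN = 20      # code, identifier, length, 16-byte authenticator


def nas_ip_address(packet: bytes):
    """Return the NAS-IP-Address carried in a RADIUS packet, or None."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("length field does not match datagram")
    pos = HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        if attr_type == NAS_IP_ADDRESS:
            if attr_len != 6:
                raise ValueError("NAS-IP-Address must be 6 bytes long")
            return ipaddress.IPv4Address(packet[pos + 2:pos + 6])
        pos += attr_len
    return None


def log_record(packet: bytes, udp_source: str) -> dict:
    """Pair the UDP source the server sees with the address the NAS reported."""
    nas = nas_ip_address(packet)
    return {"udp_source": udp_source,
            "nas_ip": str(nas) if nas is not None else None}


def sample_request(nas_ip=None) -> bytes:
    """Constructed Access-Request: User-Name 'alice', optional NAS-IP-Address."""
    attrs = bytes([1, 7]) + b"alice"
    if nas_ip:
        attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    return struct.pack("!BBH", 1, 42, HEADER_LEN + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    # 10.0.0.5 stands in for the SNAT address, 192.0.2.10 for the real NAS.
    print(log_record(sample_request("192.0.2.10"), "10.0.0.5"))
    print(log_record(sample_request(), "10.0.0.5"))
```

A record with `nas_ip` set to `None` identifies a NAS that is not sending the attribute and still needs to be configured to do so.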