Hi Pete white,

 

Thanks for answering my concer. Here is the detailed version what we are expecting to do. we got pulse secure for all the type of connections out of the network. when user hits pulse secure, it should redirect the traffic to F5 which is connected next to the Puse secure and F5 after receiving that packet it should forward it to ISE where F5 need to act as a RADIUS PROXY. "(radius call from UAC through F5 to ISE ) . (F5 acting as a radius proxy)". Do this information is good or do i need to provide much more.?

 

Regards,

MT

 

 

OK, BIG-IP will act as a radius proxy with a virtual server - you can decode radius messages if you add a radius profile to it and use radius iRule commands such as that RADIUS::avp. If you don’t need to do decoding then you can just use a layer 4 virtual server

Hi Pete,

 

Appreciate your response. As i am pretty new to F5, do you have any procedure steps or reference documents which i can follow.? please share them and that would be really helpful to me. Thanks.

 

MT

Also i have a quick question on this. when it received the radius request from UAC(Pulse), injected the additional attributes with iRule, and forwarded to ISE for processing. The additional attributes which we are looking for is pasted below.

 

Calling-Station-ID (tracks individual client by MAC or IP address) >> Could be made equal to Tunnel-Client-Endpoint Value.

User-Name (tracks remote client by login name) >> Already present.

NAS-Port-Type (helps to determine connection type as VPN) >> Missing.

RADIUS Accounting Start (triggers official start of session)>> This is already present with Framed-ip-address.

 

We are concerned about "NAS-port-Type and Radius Accounting Start- Missing Framed IP-address."