I want to send TACACS+ requests from Network Devices to an F5 VIP that will load balance several Cisco Identity Service Engine nodes that run the service.
Is there a configuration guide out there? The ISE portion is configured and work but when I point the TACACS+ AAA configuration on my network device to the F5 VIP I created, TACACS+ fails with a network device log entry; ex (ignore IPs)
How is SNAT configuration for the VS? If snat is enabled, ISE server won't receive original network device IP and maybe this is the reason of failed authentication.
i am struggling with the same , even though SNAT Is disabled and i can clearly see the source : NAD device AND Destination : F5 VIP is getting trasnlated by F5 as source : NAD and Destination : One of the ISE Nodes.
aaa group server tacacs+ ISE_GROUP
server name F5-VIP
server name ISE-2
server name ISE-3
weird thing is , whenever i send traffic to F5 VIP for TACACS i dont see anything or logs on ISE too .I am not sure why ?
Please can you share your inputs whether you are able to solve the issue . As I have configured same topology for ISE Nodes .
For your information , I have confiured VIP with standard Virtual server for port TACACS 49 port and associated backend ISE PSN Nodes for load balancing . I am going to test the device connection for TACACS using VIP ip address a AAA Server .
Please can you share your inputs if you tested AAA connection using TACACS .
