I'm testing Clean Access in In-band VGW mode with clients that are *not* directly connected to the CAS (i.e. L3-adj. mode).
Can anybody tell me do I need to configure static routes on the CAS for user subnets? It seems that the CAS always send traffic via the trusted eth0 interface with the eth0 IP as the source. It doesn't use the eth1 IP (even if it is different than eth0 IP and the static route is pointing via the eth1).
So, it seems that eth1 (untrusted side) IP doesn't really matter and static routes are not used in VGW mode. Is my understanding correct?