I'm deploying a NAC realIP/in-band/layer3, users cannot ping untrusted interface e1 of NAC server, user has to pass core sw 6500 and FW before hitting e1 of NAC server. I have tried to set the gateway of this intterface e1 to itself (as Cisco document) and FW module, but in both cases, user still cannot ping e1.
Anyone can help me? Much appreciate your replying!
User -- Core sw 6500 -- FW module (on core sw) -- NAC server -- NAC manager