Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1025
Views
0
Helpful
9
Replies

CAS-HA Configuration in L2 OOB Virtual Gateway

mohammed-amjad
Level 1
Level 1

‎08-29-2010 03:38 AM - edited ‎03-09-2019 11:08 PM

Hi,

I have configured the Clean Access Manager and Server in L2 OOB Virtual Gateway Mode and i have configured the HA of CAM but i am facing problem while configuring CAS High Availability because i am using in the CAS of trusted interface and untrusted interface same IP address so can u please tell me How to configure High Availability of CAS in L2 OOB Virtual Gateway with same IP Address of trusted and untrusted interface.

Thanks,

Labels:
0 Helpful
9 Replies 9

Faisal Sehbai
Level 7
Level 7

‎08-29-2010 10:00 AM

Amjed,

Start here for CAS HA config: http://www.cisco.com/en/US/docs/security/nac/appliance/installation_guide/hardware/48/hi_ha.html#wp1084702

HTH,

Faisal

0 Helpful

mohammed-amjad
Level 1
Level 1
In response to Faisal Sehbai

‎09-01-2010 01:05 AM

Dear Faisal,

Thanks for your reply and here in my scenario i am using the same ip address on CAS01 Trusted Interface (10.1.130.1) and Untrusted Interface (10.1.130.1) and CAS02 Trusted Interface (10.1.130.2) and Untrusted Interface (10.1.130.2).  How to configure the HA for L2 OOB Virtual Gateway in my scenario.  Please help in this issue.  Please find below my scenario.

Thanks,

71413-NAC.vsd.zip
0 Helpful

Faisal Sehbai
Level 7
Level 7
In response to mohammed-amjad

‎09-01-2010 03:18 AM

Amjad,

The link I sent you is still valid. Please review that. You would define the same Virtual IP address on both interfaces. One thing which is wrong in your visio is the fact that your Trusted and Untrusted interfaces are both on the same VLAN. That will cause broadcast storm on your network and take out your switches. You want them to be on separate VLANs.

HTH,

Faisal

0 Helpful

mohammed-amjad
Level 1
Level 1
In response to Faisal Sehbai

‎09-02-2010 12:37 AM


Dear Faisal,

I have deployed this as per cisco documentation.  Please find below the attachment and let me know if there is any changes.  Please send me the right scenario.

Thanks,

1452 KB
0 Helpful

Faisal Sehbai
Level 7
Level 7
In response to mohammed-amjad

‎09-02-2010 09:33 AM

Amjad,

So you changed the VLANs for the CAS's trusted and untrusted interfaces to be on different VLANs?

Faisal

0 Helpful

mohammed-amjad
Level 1
Level 1
In response to Faisal Sehbai

‎09-04-2010 03:29 AM

Dear Faisal,

I have not changed yet the ip address of Trusted and Untrusted Interfaces of my CAS01 and CAS02.  Can you please check the attachment of previous reply because i have deployed as per cisco documentation.  If there is any changes just let me know then i will change.

Thanks,

0 Helpful

Faisal Sehbai
Level 7
Level 7
In response to mohammed-amjad

‎09-07-2010 06:12 AM

Amjad,

Your Visio suggested that your CAS and CAM trusted interfaces were on the same VLAN. Has that changed yet?

Faisal

0 Helpful

mohammed-amjad
Level 1
Level 1
In response to Faisal Sehbai

‎09-08-2010 02:07 AM

Dear Faisal,

In my Visio i am using for the CAM 10.1.131.0 (vlan 131 ) subnet and for the CAS 10.1.130.0 (vlan 130 ) subnet and How same VLAN.  Please review the Visio file once again and give me the solution.

Thanks,

0 Helpful

Faisal Sehbai
Level 7
Level 7
In response to mohammed-amjad

‎09-08-2010 04:05 AM

Amjad,

My mistake. I meant the CAS's trusted and untrusted interfaces, as shown from the snippet from your Visio. Have you changed them to different VLANs? Also what exact problem are you having? Without you articulating it right I won't be able to help you. Please explain in as much detail as you can as to what's not working.

Thanks,

Faisal

32 KB
0 Helpful
Customers Also Viewed These Support Documents