Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
0
Helpful
2
Replies

CS-ACS and NAT

swconnexnml
Level 1
Level 1

‎01-29-2007 07:55 AM - edited ‎03-10-2019 02:57 PM

Hello,

Currently, we have FWSM/7606 sitting between a CS-ACS appliance v4.0.1 and the network comprising several routers. Since we use NAT, all network devices appear as a single IP address in CS-ACS.

Is there a way to convey the real router IP address into CS-ACS, either in the T+ payload or by other means ?

We need to see, in CS-ACS logs, both the Real IP and the NAT IP (we already have this one).

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

dominic.caron
Level 5
Level 5

‎01-29-2007 12:48 PM

I've looked at a tacacs+ auth request in ethereal and I'm pretty sure the source adress is lost. Also, if you review the rfc(http://www.cisco.com/warp/public/459/tac-rfc.1.76.txt) You will find that the is no source field.

0 Helpful

swconnexnml
Level 1
Level 1
In response to dominic.caron

‎02-12-2007 04:26 AM

Hi Dominic,

Thanks for your reply. Obviously, CS-ACS is an enterprise solution. We are in the outsourcing business / multi-client datacenter and we have to look at other avenues.

Regards.

-steve w.

0 Helpful
Customers Also Viewed These Support Documents