New Member

CAS behind NAT

Hi,

I have a setup with one CAM, one CAS and a firewall between them. There is also NAT in place.

I changed the required things like in the configuration guide.

After the changes, I'm able to connect the CAM with the CAS. But after a reboot of the CAS the connection is broken and cannot be "repaired" because the CAM tries to connect to the original IP and not to the NAT IP which it was connected to earlier. I can only "repair" the connection when I delete the CAS on the CAM and reinitiate the connection.

5 REPLIES
New Member

Re: CAS behind NAT

Fouzi,

Were you able to get this issue resolved? I'm having the same problem with a firewall and NAT between CAM and CAS.

Thanks,

New Member

Re: CAS behind NAT

Hi,

Have you followed the steps as defined in the following link?

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cas/s_instal.html#wp1045119

- SSH to the CAS or use a serial console to login as root.

- Restart the service with "service perfigo restart".

- Verify whether the file exists with the following:

[root@XYZ bin]# cat /perfigo/agent/bin/startagent

New Member

Re: CAS behind NAT

Thanks for your quick response!

I went through and double checked the restartweb and starttomcat files in /perfigo/access/bin. They both contain the -Djava.rmi.servere.host=(my CAS name). I have also verified that the hosts file on the CAM in /etc/ has the public IP and hostname of the CAS. I then restarted the perfigo services on the CAS. So, everything appears to be in place, and I didn't lose connectivity with the CAS after restarting the perfigo services, but if I reboot the CAS, I will.

New Member

Re: CAS behind NAT

Thanks again for your response. It seems the issue has gone away. I'm able to reconnect to the CAS after a reboot!

Thanks,

- William
