Cisco Clean Access 3.5
Cisco Clean Access Server Installation and Administration Guide
OL-7045-01
Chapter 2 Planning Your Deployment
Note
• For Virtual Gateway (In-Band or OOB), it is recommended to connect the untrusted interface (eth1) of the CAS to the switch only after the CAS has been added to the CAM via the web console.
• For Virtual Gateway with VLAN mapping (In-Band or OOB), the untrusted interface (eth1) of the CAS should not be connected to the switch until VLAN mapping has been configured correctly under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping. See
NAT Gateway
In the NAT Gateway configuration, the Clean Access Server functions similarly to the Real-IP Gateway configuration, but adds Network Address Translation (NAT) services. With NAT, clients are assigned IP addresses dynamically from a private address pool. The Clean Access Server performs the translation between the private and public addresses as traffic is routed between the untrusted (managed) and external network. The Clean Access Server supports standard, dynamic NAT and 1:1 NAT. In 1:1 NAT, there is a one-to-one correlation between public and private addresses. With 1:1 NAT, you can map port numbers as well as IP addresses for translation.
Note
NAT Gateway mode (In-Band or Out-of-Band) is not recommended for production deployment.
CAS Operating Mode Summary
Table 2-1 summarizes the features and advantages for each operating mode.
Table 2-1 CAS Operating Mode Summary
CAS Type | Features | Advantages

Virtual Gateway
• CAS acts like a bridge for the managed network.
• CAS acts as a DHCP passthrough.
• CAS acts in an unobtrusive manner.
• Good if you do not want to modify the existing network.
• There is no need to define static routes on the main router.

Real-IP Gateway
• CAS acts as a gateway for the managed subnet.
• CAS is designated as a static route for the managed subnet.
• CAS can perform DHCP services, or act as a DHCP relay.
• Good for situations in which a new subnet can be used for the managed network.
• Clients are assigned real IP addresses.
• Takes advantage of the CAS’s advanced DHCP services.