Cisco Cisco ASA for Nexus 1000V Series Switch Manual Técnica
Configure
Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the
commands used in this section.
commands used in this section.
Network Diagram
The RADIUS server is located on the outside of the Failover Pair and it is reachable through a L2L tunnel to
12.12.12.2. This is what causes the probem because the standby ASA tries to reach it through its own outside
interface but there is no tunnel built on it at this point; for it to work, it should send the request to the active
interface so the packet can flow across the VPN but the routes are replicated from the active unit.
12.12.12.2. This is what causes the probem because the standby ASA tries to reach it through its own outside
interface but there is no tunnel built on it at this point; for it to work, it should send the request to the active
interface so the packet can flow across the VPN but the routes are replicated from the active unit.
One option is to use a fake IP address for the RADIUS Server on the ASAs and point it to the inside.
Therefore, the source and destination IP address of this packet can be translated on an internal device.
Therefore, the source and destination IP address of this packet can be translated on an internal device.
Router1
interface FastEthernet0/0
ip address 192.168.1.3 255.255.255.0
no ip redirects
no ip unreachables
ip nat enable
duplex auto
speed auto
ip access−list extended NAT
permit ip 192.168.1.0 0.0.0.255 host 192.168.200.250
ip nat source list NAT interface FastEthernet0/0 overload
ip nat source static 192.168.200.1 192.168.200.250
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ASAs
aaa−server RADIUS protocol radius
aaa−server RADIUS (inside) host 192.168.200.250
timeout 3