You could always take the easy way out and set up a proxy cache, which will take care of the NAT and add some security if you need it?

On 8/24/2011 6:08 AM, Riegert, Timothy J. wrote:

IIRC, the use of the CAS as a NAT gateway is only permitted for testing use, as it has a limited number of connections.

Typically, if you’re doing a L3 / OOB / real IP solution, you utilize policy-based routing to send the traffic through the CAS, and you would have to perform NAT on a device that is further upstream (towards the Internet).

 

From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Allen, Richard D CW2 NG NG NGB
Sent: Tuesday, August 23, 2011 12:39 PM
To: [email protected]
Subject: Configuration question (UNCLASSIFIED)

Classification: UNCLASSIFIED
Caveats: NONE

Here is one for all you smart NAC admins –

I am working on setting up layer 3 OOB real IP gateway and have everything working except one part. My network uses public IP addresses (military) and thus no NAT’ing is configured on the network. My un-auth VLAN is set as a 192.168.x.x network and thus has no way to access the internet for remediation.

My question is – should internet traffic be flowing through the CAS and be using the trusted IP address of the CAS or is it simply passed on with the IP address of the un-auth network? And if so, what is the easiest way to allow unauthorized network traffic limited access to the internet?


Richard Allen
CW2, SC, TNARNG
J6 JFHQ
3041 Sidco Drive
Nashville, TN 37204
Comm: 615-313-7522
DSN 683-7522





--

Bruce Hodge

Team Leader Networks and Communications Group
IT Services
The University of Newcastle, Australia
Phone:            +61 2 492 15563
Fax:                +61 2 492 16910
Email:             [email protected]
Mobile:           0408 610 293
IT Support:     +61 2 492 17000

http://www.newcastle.edu.au/unit/it
CRICOS Provider Number: 00109J
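
An added sketch, not from any poster in this thread, of the design described in the 8/24/2011 reply: policy-based routing steers the un-auth VLAN through the CAS, and a device further upstream performs NAT, here restricted to a short list of remediation destinations. All addresses, interface names, VLAN numbers and ACL/route-map names are constructed assumptions (IOS-style syntax).

```cisco
! ===== Access-layer L3 switch: send un-auth VLAN traffic to the CAS =====
! Assumed: 192.168.10.0/24 = un-auth VLAN, 192.0.2.2 = CAS untrusted interface
ip access-list extended UNAUTH-TO-CAS
 permit ip 192.168.10.0 0.0.0.255 any
!
route-map UNAUTH-PBR permit 10
 match ip address UNAUTH-TO-CAS
 set ip next-hop 192.0.2.2
!
interface Vlan110
 description un-auth VLAN (constructed number)
 ip address 192.168.10.1 255.255.255.0
 ip policy route-map UNAUTH-PBR
!
! ===== Upstream edge router: NAT only un-auth hosts, only to remediation =====
! Assumed remediation servers: 203.0.113.10, 203.0.113.20 (HTTPS)
! Assumed DNS resolver: 198.51.100.53
ip access-list extended UNAUTH-REMEDIATION
 permit tcp 192.168.10.0 0.0.0.255 host 203.0.113.10 eq 443
 permit tcp 192.168.10.0 0.0.0.255 host 203.0.113.20 eq 443
 permit udp 192.168.10.0 0.0.0.255 host 198.51.100.53 eq domain
!
! Anything from the un-auth range that was not translated above still
! carries a private source address; drop it before it leaves the site.
ip access-list extended NO-RFC1918-OUT
 deny   ip 192.168.0.0 0.0.255.255 any
 permit ip any any
!
interface GigabitEthernet0/0
 description inside, toward the CAS trusted side
 ip nat inside
!
interface GigabitEthernet0/1
 description outside, toward the Internet
 ip nat outside
 ip access-group NO-RFC1918-OUT out
!
! Translate matching flows to the outside interface address (PAT)
ip nat inside source list UNAUTH-REMEDIATION interface GigabitEthernet0/1 overload
```

The outbound ACL is evaluated after NAT on the inside-to-outside path, so it sees translated addresses for permitted remediation flows and the original 192.168.x.x source for everything else.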

    
