
Sulaiman_85782
Feb 20, 2014

UDP Source IP

Hi

I am load balancing Cisco ISE Policy Servers.

Load balancing is functioning as desired and everything is working. I have now been told that the Security Team needs to see the IP address of the source device, whereas currently they are seeing the SNAT IP. Unfortunately, I cannot disable the SNAT pool settings.

With a normal HTTP profile I can enable the X-Forwarded-For option to pass the source IP, but with UDP I don't have this option. Any ideas on how I can get the source IP address passed on to the Cisco Policy Servers while using a UDP profile?

Thanks

3 Replies

  • Hi,

    If it's RADIUS packets you are talking about, the best solution would be to request the NAS devices to insert the NAS-IP-Address av-pair in the packet, so you don't have to do anything. Otherwise, yes, you can add data to a UDP packet, but it would have to be in a format that would be meaningful to the end devices - have the security team specified exactly what they want you to add?

    • Sulaiman_85782
      All they want to see is the source IP address of the device that is making the connection; currently they are getting the SNAT IPs in their logs.
  • Is it RADIUS? Unless it's a protocol that natively includes an optional IP address field, as RADIUS does, you're unlikely to be able to squish one in without confusing a downstream system.

    Another option would be for the F5 to log packet details, including source IP, off to an event correlation system or some such.

    The only other thing is to insert the F5 into the data path so that SNAT is not required.
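An added example, not part of the thread and not F5 or Cisco code: a minimal RFC 2865 attribute parser showing how a log pipeline behind the SNAT can record the NAS-IP-Address (attribute type 4) the replies mention next to the UDP source it actually sees. The function names, the sample packet and the addresses are constructed for illustration.

```python
import ipaddress
import struct

# RADIUS attribute types and packet code from RFC 2865
NAS_IP_ADDRESS = 4
NAS_IDENTIFIER = 32
ACCESS_REQUEST = 1


def parse_radius_attrs(packet: bytes) -> dict:
    """Return {attr_type: [raw values]} for one RADIUS datagram."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match datagram")
    attrs, pos = {}, 20  # skip code, id, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def originating_nas(packet: bytes, udp_source: str) -> dict:
    """Pair the UDP source (the SNAT address) with the NAS the packet names."""
    attrs = parse_radius_attrs(packet)
    nas_ip = None
    for raw in attrs.get(NAS_IP_ADDRESS, []):
        if len(raw) == 4:  # NAS-IP-Address carries a 4-byte IPv4 address
            nas_ip = str(ipaddress.IPv4Address(raw))
    nas_id = attrs.get(NAS_IDENTIFIER, [b""])[0].decode("ascii", "replace") or None
    return {"udp_source": udp_source, "nas_ip": nas_ip, "nas_identifier": nas_id}


def build_sample() -> bytes:
    """Constructed Access-Request: User-Name, NAS-IP-Address, NAS-Identifier."""
    attrs = b"\x01\x07alice" + b"\x04\x06" + bytes([192, 0, 2, 10]) + b"\x20\x08switch"
    header = struct.pack("!BBH", ACCESS_REQUEST, 42, 20 + len(attrs)) + bytes(16)
    return header + attrs


if __name__ == "__main__":
    print(originating_nas(build_sample(), udp_source="198.51.100.5"))
```

NAS-IP-Address is a value the NAS reports about itself, so it is useful for correlating logs with the SNAT address rather than as proof of where the packet came from.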