Virtual System sends requests to authentication server with source IP address of VSX Gateway

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk107281
Technical Level
Product	VSX, Enterprise Appliances
Version	R75.40VS, R76, R77, R77.10, R77.20, R77.30
OS	Gaia
Platform / Model	2000, 4000, 12000 VSX, 13000, 21000 VSX, Crossbeam, IP1280, IP2450, Intel/PC, Power-1, UTM-1, VSX-1
Date Created	18-Aug-2015
Last Modified	14-Dec-2016

Symptoms

Authentication requests sent from a Virtual System to 3rd party authentication servers fail.
IP address of this Virtual System is configured on authentication servers as the Client IP address.
Traffic capture on VSX Gateway shows that requests to authentication servers are sent with source IP address of VSX Gateway / VSX Cluster.
When VSX deployment is forwarding authentication requests (RADIUS, LDAP, etc.) the requests are sourced from the IP of VS0 instead of the Virtual System.

Cause

The default configuration for a Virtual System is to send requests to authentication servers with source IP address of VSX Gateway / VSX Cluster:

In SmartDashboard, open Virtual System object - expand "Other" in the left pane - click on "Legacy Authentication" - refer to section "Authentication Servers Accessibility (including LDAP)" - the default is "Shared (servers are accessible from the VSX gateway/cluster".

Example:

Solution

Note: To view this solution you need to Sign In .