07-17-2013 11:49 AM
I managed to get User-ID tagging enabled and working on our PA-200 lab box. My question has to do with the source & destination configuration for the service routes. The PA box is identifying traffic from 192.168.10 and 192.168.11.x /24 networks that are plugged into ethernet 1 and ethernet 3 respectively. I have the source address of the UID Agent service route set to 192.168.10.1, eth 1 interface, and in the destination pane on the right I have added 192.168.10.30 and 10.1 as the source. I have a second DC on the 192.168.11 network that is also included in the LDAP profile and User Identification-Server Monitoring sections identical to the other DC (10.30). I am not sure how to configure an additional service route that goes out the 192.168.11.1 interface, similar to the first one that goes out 10.1, or if I am just supposed to add a second destination on the right with the same source address (again 10.1). It seems to me like there should be a way to specify sending UID agent traffic out multiple interfaces, but I am not sure. I may also be misinterpreting the configuration options; I am just not sure.
Any help would be greatly appreciated,
Thank You
07-17-2013 12:19 PM
Hello,
The Service route feature has 2 sections. In the left section, there are predefined features and an option to select the interface through which the traffic goes out on the PAN.
The right section is more generic. All you have to do is select the source as the same interface IP address if you need the traffic to go out and be received on the same interface, and give the unique IPs of the destination.
A service route is a means of telling traffic to take a different path (an interface other than management) for certain destination IPs.
Thanks
Samshodh
07-17-2013 12:42 PM
Thank You. After reading the Web UI help I understand how this section works a little better now. I changed the service route options back to MGMT for now, and under the management interface settings I enabled User-ID. This, along with defining the two servers under the server monitoring portion of the User Identification section, specifies my LDAP servers and allows for connectivity and solves my original problem.
Thanks again.