Extreme Control behind a firewall

  • 0
  • 1
  • Question
  • Updated 4 months ago
  • Answered
Hi,

Currently looking into running a NAC behind a firewall and looking into this GTAC post:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Configure-NetSight-to-Model-NAC-App...

Which says the following:
 
Populate <NetSight_Install_Dir>/appdata/nat_config.txt in NetSight Server with NAT mapping of NAC(s)
 
But the nat_config.txt file is blank, so I have no reference as to what I should enter into that file that constitutes a ‘NAT mapping’, so just wondered if anyone within the community might know.
 
Many thanks in advance.
Photo of Martin Flammia

Martin Flammia

  • 6,326 Points 5k badge 2x thumb

Posted 4 months ago

  • 0
  • 1
Photo of Martin Flammia

Martin Flammia

  • 6,326 Points 5k badge 2x thumb
Think I've found the answer:

<NAT IP address>=<real IP address>

Will post back if I get it working
Photo of Kawawa

Kawawa, GTAC

  • 3,292 Points 3k badge 2x thumb
How were you checking the content of the nat_config.txt file? I'm not sure it should be blank:
captain@spock.vulcan.local:~$ cat /usr/local/Extreme_Networks/NetSight/appdata/nat_config.txt 
# The nat_config.txt file is used to configure NetSight to work in a NAT
# environment.  The file maps local IP addresses to their remote IP address.
# A local IP is defined as an IP addresses of system on the same side of
# the NAT firewall as this server and a remote IP address is defined as the
# corresponding IP address of that end system on the other side of the NAT
# firewall. 
#
# The format for each line should be: <remote ip>=<local ip>
#
# EX:
#    10.20.80.155=134.141.90.221 # Some note or description.
#    10.20.80.156=134.141.90.222 # Some note or description.
Photo of Martin Flammia

Martin Flammia

  • 6,326 Points 5k badge 2x thumb
Hi Kawawa,

Odd, yeah, the file was completely blank 0KB.

I've since edited it now, so it has the single entry in it, was running a fresh OVA installation of XMC version 8.1.3.65

Thanks for the info anyway.

Will post back if it works.

Cheers