GRE tunnel endpoint on NAC gateways?

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
Hi,

short question - is it possible to setup a GRE tunnel endpoint within an NAC gateway like in purview appliances?
Goal: achieve user account information from kerberos packets in NAC, virtualized gateways, policy mirror for kerberos
Photo of mp2014

mp2014

  • 1,058 Points 1k badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Kurt Semba

Kurt Semba, Employee

  • 1,230 Points 1k badge 2x thumb
That is not possible at the moment.
But: if you happen to have XOS-based switches, you can use their Identity Manager (IDM) to forward XML notifications containing Kerberos data to Netsight/NAC.
Photo of Michael Kirchner

Michael Kirchner

  • 1,846 Points 1k badge 2x thumb
Also you could just mirror your Kerberos traffic from the S/K series switch to a free port of Tour NAC Appliance. But without GRE.

Regards Michael
Photo of mp2014

mp2014

  • 1,058 Points 1k badge 2x thumb
i only use virtualized nac gateways - so i dont want to mirror traffic to any esx host, using dedicated NICs in the servers isnt an option.
Photo of Michael Kirchner

Michael Kirchner

  • 1,846 Points 1k badge 2x thumb
I see - in this case this would be a pretty good feature request.

a) GRE Tunnel support for NAC Appliance
b) Sharing of Kerberos information from Purview to NAC

By the way, if you use 802.1X the kerberos Info is not used anyway because the same Field in the NAC info tupel is used. I requested to introduce a new field for this.