Authentication via NAT

Question asked by Matt Bayliss on Nov 18, 2016
Latest reply on Nov 18, 2016 by Edward Davis

Our developers are trying to integrate Java Authentication Agent code into an application but are struggling because traffic appears to be being sent to the incorrect address.


This image shows an outline of the network topology in place. Simply put, we have an RSA Authentication Manager installed in an IPv4 LAN with a 10.0.0.x/24 address space and authentication agents both on the same LAN and externally, with the intention that they could reach the RSA AM Primary server via a NAT address.



As above, some agents will be installed into the same LAN as the RSA AM Primary server (like RSA Agent #2 in the image), and some need to be on a different network and must use NAT translation to reach the RSA AM server (like RSA Agent #1 for example).


The problem we are having is that “external” (non-LAN) hosts are sending traffic to the LAN IP address and not to the external NAT address as needed. The external NAT address has been configured in Security Console > Setup > System Settings > Alternative Instance IP Addresses and shows up in the Windows Authentication Agent software 7.1 as an Alternate IP.


How can Agents be forced to send requests to this alternate IP instead of the primary address?  Please also see the log file attached.