JRahm
Apr 05, 2010 Admin
Option 1) Leave your configuration as is, with mgmt auth traffic riding your production data path. This isn't necessarily bad, but might conflict with security policies if in a DMZ environment. I've seen many environments with this exact configuration, as it is simpler and more cost-effective than standing up additional infrastructure for management traffic.
Option 2) Define a NAT on your gateway that you can point to as your mgmt auth target, which will then translate the destination to your real AD address, and translate the source of your mgmt IP to the gateway/NAT so the traffic is returned correctly.