Packet Flow of Guest Services With Cisco ISE and F5 BIG-IP as a load balancer, understanding the packet flow before moving to implementation, very important to know what we are doing and what we are implementing.
-First Step, there is a virtual server Type Standard to load balance the Radius Packets. Based on the Load Balancing Algorithm, the BIG-IP selects a Pool Member. We have a Full Proxy in action. The PSN-2 responds with an URL redirection: https://psn-2.lab.local/…../cwa through a radius access-accept packet to response to radius access-request sent by the NAD, this is the captive portal.
-Second Step, once the Guest is connected and typed any website, it receives an URL Redirection from the NAD, https://psn-2.lab.local/…../cwa. The Guest will a DNS resolution to find the IP address which is the 10.1.5.11, to allow a direct communication we need a Virtual Server Type Forwarding IP, this is a packet basis, it sends an HTTPS request and receives an HTTPS response and the portal is displayed to authenticate the guest.
Demystify and Simplify 