


Cisco Wireless LAN controller as RADIUS client of a Microsoft NPS server that sits behind a NAT device

Hi gurus,

Has anyone implemented RADIUS communication across NAT that translates the IP address of the RADIUS client with one-to-one static translation?

In this scenario, Cisco Wireless LAN controllers are the clients of RADIUS services that are provided by MS NPS servers. The NAD device translates the IP of the RADIUS client.

So, RADIUS request packets seen on the server side appear to originate from the NATed IP address.

In the RADIUS response packet, it normally includes the NAS IP as one of the attributes. But, as the NPS server got the packets with the NATed IP of the client, it appears that the NAS IP in the RADIUS response packet is the NATed IP, which is different from the real IP of the NAS.

Has anyone ever implemented this before?
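
As an added illustration (not part of the original post and not Cisco or Microsoft code), the sketch below parses a constructed Access-Request and compares its NAS-IP-Address attribute (type 4 in RFC 2865) with the UDP source address the server sees after one-to-one NAT. The addresses, the client table and the function names are assumptions made for the example.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # attribute type from RFC 2865
USER_NAME = 1

def build_access_request(identifier, authenticator, attrs):
    """Encode an Access-Request (code 1) from (type, value-bytes) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, identifier, 20 + len(body)) + authenticator + body

def parse_attributes(packet):
    """Return [(type, value)] after validating the header and attribute lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        alen = packet[pos + 1] if length - pos >= 2 else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def classify(packet, udp_source, clients):
    """Show how a server that identifies clients by source IP sees the request."""
    src = ipaddress.IPv4Address(udp_source)
    nas = next((ipaddress.IPv4Address(v) for t, v in parse_attributes(packet)
                if t == NAS_IP_ADDRESS and len(v) == 4), None)
    return {"source": src, "nas_ip": nas, "known_client": src in clients,
            "nat_mismatch": nas is not None and nas != src}

# Constructed sample values (assumptions, not from the thread).
REAL_WLC_IP = "10.1.1.5"      # address the controller puts in NAS-IP-Address
NATED_WLC_IP = "192.0.2.50"   # static one-to-one translation seen by the server
CLIENTS = {ipaddress.IPv4Address(NATED_WLC_IP)}  # server-side RADIUS client list
SAMPLE = build_access_request(7, bytes(16), [
    (USER_NAME, b"alice"),
    (NAS_IP_ADDRESS, ipaddress.IPv4Address(REAL_WLC_IP).packed),
])

if __name__ == "__main__":
    print(classify(SAMPLE, NATED_WLC_IP, CLIENTS))
```

In this sketch the request is matched to a configured client only when the client list holds the translated address, while the attribute inside the packet still carries the untranslated one.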

2 REPLIES

I would re-engineer this to not have to send RADIUS packets through NAT. I think you are begging to have issues.


Thank you for your opinion.

There are some cornerstones where you have no other options. IP conflict during mergers, acquisitions, etc.
