01-05-2017 03:44 PM - edited 03-11-2019 12:20 AM
Hi gurus,
Has anyone implemented RADIUS communication across NAT that translates the IP address of the RADIUS client with one-to-one static translation?
In this scenario, Cisco Wireless LAN controllers are the clients of RADIUS services that are provided by MS NPS servers. The NAD device translates the IP of the RADIUS client.
So, RADIUS request packets seen on the server side appear to originate from the NATed IP address.
In the RADIUS response packet, it normally includes the NAS IP as one of the attributes. But, as the NPS server got the packets with the NATed IP of the client, it appears that the NAS IP in the RADIUS response packet is the NATed IP, which is different from the real IP of the NAS.
Has anyone ever implemented this before?
01-07-2017 02:50 PM
I would re-engineer this to not have to send RADIUS packets through NAT. I think you are begging to have issues.
01-08-2017 03:33 PM
Thank you for your opinion.
There are some cornerstones where you have no other options. IP conflict during mergers, acquisitions, etc.