Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Radius client behind NAT

This thread has been viewed 1 times

  • 1.  Radius client behind NAT

    Posted Nov 25, 2017 07:54 AM

    Hi community,

     

    I'm planning to put my CPPM server in a public zone with public IP address (technically, it still has private IP address but I public it through static NAT). This way, I can have my Radius client (NAS device) in the remote site to directly point to the public IP address of CPPM. My question is, can Radius work through NAT? My Radius client is behind a NAT device, just like the CPPM.

     

    Thank you,



  • 2.  RE: Radius client behind NAT

    EMPLOYEE
    Posted Nov 25, 2017 12:29 PM
    Standard NAD to RADIUS server should work fine.
    You will have some issues getting dynamic authorization to work (if that is required)


  • 3.  RE: Radius client behind NAT
    Best Answer

    MVP
    Posted Nov 27, 2017 04:10 PM

    If you are exposing ClearPass to the internet via public IP address, make sure you setup Applipcation Restrictions to prevent any IP address from accessing administrative pages - Please reference the ClearPass Hardening Guide.

     

    In terms of NAT, I've done it the other way and it required me add the NAT'd IP and the real IP as network devices, but you may not need to do this the way you are explaining.



  • 4.  RE: Radius client behind NAT

    Posted Nov 28, 2017 06:01 AM

    Thanks Tim and Michael for your advice. Much appreciate.