Frequent Contributor I

Radius client behind NAT

Hi community,


I'm planning to put my CPPM server in a public zone with public IP address (technically, it still has private IP address but I public it through static NAT). This way, I can have my Radius client (NAS device) in the remote site to directly point to the public IP address of CPPM. My question is, can Radius work through NAT? My Radius client is behind a NAT device, just like the CPPM.


Thank you,

Guru Elite

Re: Radius client behind NAT

Standard NAD to RADIUS server should work fine.
You will have some issues getting dynamic authorization to work (if that is required)

Tim Cappalli | Aruba Security TME
@timcappalli | | ACMX #367 / ACCX #480

Re: Radius client behind NAT

If you are exposing ClearPass to the internet via public IP address, make sure you setup Applipcation Restrictions to prevent any IP address from accessing administrative pages - Please reference the ClearPass Hardening Guide.


In terms of NAT, I've done it the other way and it required me add the NAT'd IP and the real IP as network devices, but you may not need to do this the way you are explaining.

Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. |
Frequent Contributor I

Re: Radius client behind NAT

Thanks Tim and Michael for your advice. Much appreciate.

Search Airheads
Showing results for 
Search instead for 
Did you mean: