
Clearpass and NADs with overlapping IPs

  • 1.  Clearpass and NADs with overlapping IPs

    Posted Sep 06, 2018 04:47 AM

    Hello

    Could you please explain how I should solve the following situation?

    Two companies authenticate with the same Clearpass. Both have a NAD network, but they use the same IP ranges (let's say 192.168.100.0/24).

    They are connected to the CPPM over some L3 network (which can take some advanced functionality if required).

    So, CPPM can't route back RADIUS packets. Even adding a NAD is complicated, because they are using the same IP addresses.

    Two feasible solutions come to my mind: NAT and RADIUS proxy.

    NAT: I'm not sure that there is a NAT which could rewrite inside RADIUS packets, not only the IP source/destination. So, I'm not sure if it will work.

    RADIUS proxy: Knowing nothing about 'RADIUS proxies' (what is it, haproxy working on 1812?), I'm also not sure if I'd be able to differentiate devices while creating them in CPPM.

    Could you please advise with some keywords on what technology I should use here? (Besides re-addressing ;) but it's a last resort.)

    Thank you!



  • 2.  RE: Clearpass and NADs with overlapping IPs

    Posted Sep 06, 2018 06:28 AM
    Surely, just using NAT on one of the customers' traffic would solve this.