Hi, > #66: NAT nits > > ''8.2. "Network Address Translation (NAT) is fundamentally incompatible > with RADIUS. RADIUS uses the source IP address to determine the shared > secret for the client, and NAT hides many clients behind one source IP > address."'' > > There are no problems with full cone or ALGs acting as proxies. Is that really true if DynAuth is concerned? A DynAuth packet needs to reach the actual NAS. If there is >1 NAS behind any form of NAT, how would the NAT ALG proxy figure out how to forward to which NAS? Greetings, Stefan Winter > Recommend: > > Some forms of Network Address Translation (NAT) are incompatible with > RADIUS.... > -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - RÃseau TÃlÃinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
Attachment:
signature.asc
Description: OpenPGP digital signature