Re: [radext] RDTLS #64 (new): 4.1 source port inclusion in the tracking table
Peter Deacon wrote:
> 1:100 NAT does not work in RADIUS nor does it work in DTLS so why should
> I care about this ridiculous example?
I'm not sure what you mean by that.
RADIUS works quite nicely through a NAT, so long as all of the clients
behind the NAT use the same shared secret.
DTLS can work through a NAT, where each client has a unique
certificate. The only requirement is that the mapping of client IP/port
to NAT source port doesn't change for the lifetime of the session.
I believe that this is how NATs work today.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
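The NAT point in the message above, as an added example that is not part of the original post: a toy server-side session tracking table, keyed either on source IP alone or on source IP and port, with two clients behind one NAT address. The class and function names are hypothetical, and the address, ports and client identities are constructed.

```python
# Added illustration: toy DTLS session tracking table (all names hypothetical).
NAT_IP = "192.0.2.1"  # constructed: public address shared by both clients


class TrackingTable:
    def __init__(self, include_port):
        self.include_port = include_port
        self.sessions = {}  # key -> client identity taken from the certificate

    def _key(self, src_ip, src_port):
        # The design choice under discussion: is the source port part of the key?
        return (src_ip, src_port) if self.include_port else (src_ip,)

    def handshake(self, src_ip, src_port, client_id):
        """Store a completed handshake; return the identity it displaced, if any."""
        key = self._key(src_ip, src_port)
        displaced = self.sessions.get(key)
        self.sessions[key] = client_id
        return displaced

    def lookup(self, src_ip, src_port):
        """Return the session a record from this source is matched to, or None."""
        return self.sessions.get(self._key(src_ip, src_port))


def run(include_port):
    table = TrackingTable(include_port)
    table.handshake(NAT_IP, 40001, "client-a")
    displaced = table.handshake(NAT_IP, 40002, "client-b")
    return {
        "displaced": displaced,
        "from_40001": table.lookup(NAT_IP, 40001),
        "from_40002": table.lookup(NAT_IP, 40002),
        # client-a's NAT mapping changed mid-session (constructed port):
        "remapped": table.lookup(NAT_IP, 40099),
    }


if __name__ == "__main__":
    for include_port in (True, False):
        print(include_port, run(include_port))
```

With the port in the key, both clients keep separate sessions and a packet arriving from a changed NAT mapping matches nothing, so that client has to handshake again. With the IP alone as the key, the second handshake replaces the first and every packet from the NAT address is matched to one session.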