[c-nsp] NAT-Device with authentication ?

Brett Looney brett at looney.id.au
Wed Dec 16 19:15:57 EST 2009


> are there any (cisco)-NAT-devices which enable the NAT after the user
> has done some kind of authentication - which is checked against a 
> radius-server or an active directory for example ?

You're probably looking for the IOS auth-proxy feature. A configuration
example is here:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration
_example09186a0080094655.shtml

It works well - there is a limit on how big your HTML file can be - I've
gotten around this where a customer wanted to display a large terms and
condition page by putting those in an IFRAME and serving it from an external
web server.

You can also specify hosts that can be reached without authentication by
tweaking the access list.

HTH.

B.




More information about the cisco-nsp mailing list