0 Replies Latest reply on Sep 21, 2011 1:46 PM by franz_herrmann

    Is it possible to influence NAS IP in Radius request?

      On Sidewinder 7.0.1.02 we are facing the challenge to use different radius profiles to the same Radius server to have different realms within the Radius server (one-time passwords with tokens) for admin access and user authentication for passport rules. Since the Radius server cannot be distinguished by IP or port, we are using a firewall on the way from Sidewinder to Radius server to do different source NAT and redirect to the Radius Server to be able to separate between the different requests.

       

      On two Sidewinder firewalls, both at the same patch level 7.0.1.02H17, we see different behaviour concerning the NAS IP in the payload of the Radius request. One Sidewinder is sending 0.0.0.0 within the payload and thus the Radius server uses the source IP from the IP header to run through its assignment of realm-profiles. Here our strategy works as desired since the Radius requests for admin access and client auth differ in IP header source IP to the Radius server.

       

      On the other Sidewinder we see the NAS IP set to the cluster IP of the interface facing to the Radius server. In these requests the Radius servers cannot distinguish the two different requests as it prefers the NAS IP in the payload to assign profiles.

       

      So now the question: Is it possible to add a command line parameter to radiusw or do any settings in one of the warder-config files to force the NAS IP to be set to 0.0.0.0?
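
For checking a capture of each firewall's requests, an added example (not part of the original post, and not Sidewinder or RADIUS-server code) that parses the NAS-IP-Address attribute (type 4, RFC 2865) out of an Access-Request and models the profile selection the post describes: source IP when NAS-IP is 0.0.0.0, NAS-IP otherwise. The function names, addresses and packets are constructed for illustration, and treating an absent attribute like 0.0.0.0 is an assumption.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # attribute type from RFC 2865


def parse_attributes(packet: bytes):
    """Yield (type, value) for each attribute of a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    pos = 20  # code, identifier, length, then 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen


def nas_ip(packet: bytes):
    """Return NAS-IP-Address as a string, or None if the attribute is absent."""
    for atype, value in parse_attributes(packet):
        if atype == NAS_IP_ADDRESS:
            return str(ipaddress.IPv4Address(value))  # raises unless 4 bytes
    return None


def profile_key(packet: bytes, src_ip: str) -> str:
    """Assumed model of the post's server: non-zero NAS-IP wins, else source IP."""
    nas = nas_ip(packet)
    return src_ip if nas in (None, "0.0.0.0") else nas


def build_request(nas: str) -> bytes:
    """Constructed Access-Request carrying User-Name and NAS-IP-Address."""
    attrs = bytes([1, 7]) + b"alice"  # User-Name, constructed value
    attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas).packed
    return struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    for nas in ("0.0.0.0", "192.0.2.10"):  # constructed addresses
        for src in ("198.51.100.1", "198.51.100.2"):  # the two source-NAT IPs
            print(nas, src, "->", profile_key(build_request(nas), src))
```

With NAS-IP 0.0.0.0 the two source-NAT addresses yield two distinct keys; with the cluster IP in the payload both requests collapse onto one key, which is the behaviour seen on the second firewall.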