Say I want to use my internal RADIUS server to authenticate users when they
dial into an ISP (e.g. GTE). Assuming I can get GTE to agree to such an
arrangement :), what is the best way to pass the traffic thru the firewall?
Could I just do something like this (as a NAT rule?):

Original:
    Source=ISPAuthServer
    Dest=Firewall
    Service=RADIUS

Translated:
    Source=ISPAuthServer
    Dest=InternalRADIUSServer
    Service=Original

I know it isn't the best practice to allow ports directly to your firewall,
but isn't the other solution (i.e. proxy arp) just as bad in terms of
security? FW is CP2000 on NT4, and I've heard nothing but woe regarding
proxy ARP on NT. Any ideas would be most appreciated.
TIA...
Dan Hitchcock
MCSE, CCNA
Network Engineer
HomeStreet Bank
206.389.4467
[EMAIL PROTECTED]