Cisco Support Community
Community Member

Large Scale Dialout, NAT and Radius

Hello everybody,

We need to implement a Large Scale Dialout scenario soon and I am looking for some info. Central site needs to connect to about 200 external sites (for remote management). The goal is to have all the connection data coming from a Radius server (actually from a LDAP server). We will also use NAT to hide the remote site's IP ranges as well as the central site IP range (so that would be both source and destination NAT).

My question is this: can a Cisco router retrieve all this information from a Radius server ? I.e. connection info, authentication info and NAT rules ? We are obviously trying to avoid creating profiles on the router and NAT rules (each site would have each own NAT rule) for each remote site. The idea is not to have to touch the router when we need to add / delete / modify a remote site.

Any help is appreciated. Thanks

Best regards,

Stefan Radovanovici


Re: Large Scale Dialout, NAT and Radius

The large-scale dial-out documentation is here:

On the one hand I don't see a problem with trying this, although I've never done it myself. As long as the public address is in the RADIUS server, you should be fine. Wanting to NAT the central site may make it more interesting, but again the routing and NATing should be done prior to the router deciding it needs to dialout via AAA.

Let us know how it goes.

CreatePlease to create content