PAP/CHAP Authentication Security, Preliminary – ADC 500L User Manual

Chapter 9: Technical Reference

Megabit Modem 500L Installation Manual

PAP/CHAP Authentication Security

Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol
(CHAP) are two ways to authenticate PPP sessions. Both are offered because some
systems support only PAP. With PAP, the modem sends authentication requests to the service
provider, and authentication occurs only once during the life of the link.

In CHAP, the service provider returns an authentication challenge to the modem during
authentication. CHAP can be renegotiated during the life of the link. Also, both the modem and
the service provider must have the clear-text version of the password available. The CHAP host
field must be the same on both ends of the session.
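
The difference between the two exchanges, as an added example that is not part of the manual: it builds a PAP Authenticate-Request per RFC 1334 and computes a CHAP response per RFC 1994. It assumes the MD5 variant of CHAP, which the manual does not name; the user name, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

SAMPLE_SECRET = b"s3cret-constructed"   # constructed sample password
SAMPLE_PEER = b"modem-example"          # constructed PPP user name

def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): the password travels in the clear."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(data)               # code + id + 2-byte length + data
    return bytes([1, ident]) + length.to_bytes(2, "big") + data

def new_challenge(size=16):
    """Authenticator side: a fresh random challenge for every (re)authentication."""
    return os.urandom(size)

def chap_response_value(ident, secret, challenge):
    """Peer side: MD5(identifier || secret || challenge), per RFC 1994."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident, stored_secret, challenge, response):
    """Authenticator side: recompute from its own clear-text copy of the secret."""
    expected = chap_response_value(ident, stored_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo():
    pap = pap_request(1, SAMPLE_PEER, SAMPLE_SECRET)
    ch1 = new_challenge()
    resp1 = chap_response_value(1, SAMPLE_SECRET, ch1)
    ch2 = new_challenge()                # mid-session re-challenge
    return {
        "pap_exposes_password": SAMPLE_SECRET in pap,
        "chap_exposes_password": SAMPLE_SECRET in ch1 + resp1,
        "chap_accepts_peer": chap_verify(1, SAMPLE_SECRET, ch1, resp1),
        "old_response_replayed": chap_verify(2, SAMPLE_SECRET, ch2, resp1),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the authenticator recomputes the hash from the secret itself, it cannot store only a one-way hash of the password, which is why both ends need the clear-text version.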

NAT

RFC 1631 Network Address Translation (NAT) provides the means to map private IP addresses
to the public IP addresses (proxy addresses) that are set up for the PPP sessions. Essentially, you
hide your private addresses behind the public IP address assigned to a session.

You can map one LAN user IP address to one of the three sessions you set up. If you want to
activate a different session, move the LAN user to the new session.

Static NAT entries are required only for applications that involve TCP/UDP connections
initiated from the remote end (WAN). An example is the RealPlayer™ application. The
RealPlayer (client) initiates a TCP connection to the RealServer™, which then initiates a
UDP connection back to RealPlayer. RealPlayer can then tell the server to use a specific
UDP port for the UDP connection. The user should set up a static NAT entry for the UDP
connection for RealPlayer to work properly through NAT.

UDP is a connectionless protocol, whereas TCP is connection-oriented. Both UDP and TCP use
protocol port numbers to distinguish services and sessions.
