Solved

Tracking Hosts in a NAT/DHCP enviroment

Posted on 2003-12-08
4
584 Views
Last Modified: 2010-04-11
I currently maintain a network for a small University that utilizes 9 class C public networks. We use a PIX 515E with NAT disabled. I would like to enable NAT and use the Class C public networks as my global NAT pool. We will also be implementing DHCP inside which will be 192.168.X.X (Divided amongst VLANs). Simple enough right?

The problem is that our Cheif Information Officer would like a way to track any inside host if we sense malicious activity or for any other reason. Right now it is quite easy since we all use static global IP addresses. So how can I track who is who if their IP's are dynamic and they use a dynamic NAT IP every time they pass through the PIX?
0
Comment
Question by:mikesparker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 9897679
You can use an external log host that will maintain a record of xlates (nat translations)
If you set DHCP for long or even permanent lease, then you have an easy way to map the translation, or you can do a one-one network translation, i.e.
10.100.100.0 = 150.150.100.0
each host in the private 10.100.100.x subnet will get the same last digit of the public space:
10.100.100.122 = 150.150.100.122 always
0
 

Author Comment

by:mikesparker
ID: 9898164
I think we will make a DHCP reservation for each host. We will also make static NAT translations for servers, printers, ect. The external log host should cover the rest. We currently have an internal Syslog server. Will that work or do I need something else to log xlates?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9898223
The current syslog server should work. You  might want to "turn up" the level of syslogging, and exclude some extra messages that you'll get. I'm not sure if it is Informational or Notification level that will provide the xlates... it might even be debug level....
0
 

Author Comment

by:mikesparker
ID: 9898630
You the man!
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domain Controller/ Old server 9 69
Replaced printer and cannot print 15 36
Windows 7's Backup Utility 12 61
is a device online 4 41
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question