Solved

Tracking Hosts in a NAT/DHCP enviroment

Posted on 2003-12-08
4
580 Views
Last Modified: 2010-04-11
I currently maintain a network for a small University that utilizes 9 class C public networks. We use a PIX 515E with NAT disabled. I would like to enable NAT and use the Class C public networks as my global NAT pool. We will also be implementing DHCP inside which will be 192.168.X.X (Divided amongst VLANs). Simple enough right?

The problem is that our Cheif Information Officer would like a way to track any inside host if we sense malicious activity or for any other reason. Right now it is quite easy since we all use static global IP addresses. So how can I track who is who if their IP's are dynamic and they use a dynamic NAT IP every time they pass through the PIX?
0
Comment
Question by:mikesparker
  • 2
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
Comment Utility
You can use an external log host that will maintain a record of xlates (nat translations)
If you set DHCP for long or even permanent lease, then you have an easy way to map the translation, or you can do a one-one network translation, i.e.
10.100.100.0 = 150.150.100.0
each host in the private 10.100.100.x subnet will get the same last digit of the public space:
10.100.100.122 = 150.150.100.122 always
0
 

Author Comment

by:mikesparker
Comment Utility
I think we will make a DHCP reservation for each host. We will also make static NAT translations for servers, printers, ect. The external log host should cover the rest. We currently have an internal Syslog server. Will that work or do I need something else to log xlates?
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
The current syslog server should work. You  might want to "turn up" the level of syslogging, and exclude some extra messages that you'll get. I'm not sure if it is Informational or Notification level that will provide the xlates... it might even be debug level....
0
 

Author Comment

by:mikesparker
Comment Utility
You the man!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now