Solved

Tracking Hosts in a NAT/DHCP enviroment

Posted on 2003-12-08
4
585 Views
Last Modified: 2010-04-11
I currently maintain a network for a small University that utilizes 9 class C public networks. We use a PIX 515E with NAT disabled. I would like to enable NAT and use the Class C public networks as my global NAT pool. We will also be implementing DHCP inside which will be 192.168.X.X (Divided amongst VLANs). Simple enough right?

The problem is that our Cheif Information Officer would like a way to track any inside host if we sense malicious activity or for any other reason. Right now it is quite easy since we all use static global IP addresses. So how can I track who is who if their IP's are dynamic and they use a dynamic NAT IP every time they pass through the PIX?
0
Comment
Question by:mikesparker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 9897679
You can use an external log host that will maintain a record of xlates (nat translations)
If you set DHCP for long or even permanent lease, then you have an easy way to map the translation, or you can do a one-one network translation, i.e.
10.100.100.0 = 150.150.100.0
each host in the private 10.100.100.x subnet will get the same last digit of the public space:
10.100.100.122 = 150.150.100.122 always
0
 

Author Comment

by:mikesparker
ID: 9898164
I think we will make a DHCP reservation for each host. We will also make static NAT translations for servers, printers, ect. The external log host should cover the rest. We currently have an internal Syslog server. Will that work or do I need something else to log xlates?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9898223
The current syslog server should work. You  might want to "turn up" the level of syslogging, and exclude some extra messages that you'll get. I'm not sure if it is Informational or Notification level that will provide the xlates... it might even be debug level....
0
 

Author Comment

by:mikesparker
ID: 9898630
You the man!
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question