  • Status: Solved
  • Priority: Medium
  • Security: Public

Tracking Hosts in a NAT/DHCP environment

I currently maintain a network for a small University that utilizes 9 class C public networks. We use a PIX 515E with NAT disabled. I would like to enable NAT and use the Class C public networks as my global NAT pool. We will also be implementing DHCP inside which will be 192.168.X.X (Divided amongst VLANs). Simple enough, right?

The problem is that our Chief Information Officer would like a way to track any inside host if we sense malicious activity or for any other reason. Right now it is quite easy since we all use static global IP addresses. So how can I track who is who if their IPs are dynamic and they use a dynamic NAT IP every time they pass through the PIX?
0
mikesparker
Asked:
1 Solution
 
lrmoore Commented:
You can use an external log host that will maintain a record of xlates (NAT translations).
If you set DHCP for long or even permanent lease, then you have an easy way to map the translation, or you can do a one-one network translation, i.e.
10.100.100.0 = 150.150.100.0
each host in the private 10.100.100.x subnet will get the same last digit of the public space:
10.100.100.122 = 150.150.100.122 always
0
 
mikesparker (Author) Commented:
I think we will make a DHCP reservation for each host. We will also make static NAT translations for servers, printers, etc. The external log host should cover the rest. We currently have an internal Syslog server. Will that work or do I need something else to log xlates?
0
 
lrmoore Commented:
The current syslog server should work. You might want to "turn up" the level of syslogging, and exclude some extra messages that you'll get. I'm not sure if it is Informational or Notification level that will provide the xlates... it might even be debug level....
0
 
mikesparker (Author) Commented:
You the man!
0
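
Added example (not part of the original thread): correlating the PIX `%PIX-6-305009` (Built) and `%PIX-6-305010` (Teardown) translation messages with DHCP reservations to answer "which inside host held this public address at this time". It assumes the syslog server prefixes each line with an ISO timestamp; the log lines, MAC addresses and host names are constructed, and `parse_xlates` / `who_had` are hypothetical names.

```python
import re
from datetime import datetime

TS_FMT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format added by the syslog server

# Constructed sample log: one public address reused by two inside hosts.
SAMPLE_LOG = """\
2024-01-15 09:58:02 %PIX-6-305009: Built dynamic translation from inside:192.168.10.44 to outside:150.150.100.22
2024-01-15 10:41:17 %PIX-6-305010: Teardown dynamic translation from inside:192.168.10.44 to outside:150.150.100.22 duration 0:43:15
2024-01-15 10:41:30 %PIX-6-305009: Built dynamic translation from inside:192.168.20.7 to outside:150.150.100.22
2024-01-15 11:05:00 unrelated message that is not an xlate record
"""

# Constructed DHCP reservation table: inside IP -> (MAC, host label).
RESERVATIONS = {
    "192.168.10.44": ("00:11:22:33:44:55", "lab-pc-12"),
    "192.168.20.7": ("00:11:22:33:44:66", "dorm-room-207"),
}

XLATE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*%PIX-6-(?P<id>305009|305010): "
    r"(?:Built|Teardown) (?:dynamic|static) translation from "
    r"[^:\s]+:(?P<real>[\d.]+) to [^:\s]+:(?P<mapped>[\d.]+)")

def parse_xlates(log_text):
    """Turn Built/Teardown pairs into intervals; 'end' stays None while active."""
    intervals, open_by_pair = [], {}
    for line in log_text.splitlines():
        m = XLATE.match(line)
        if not m:
            continue  # not an xlate record
        ts = datetime.strptime(m["ts"], TS_FMT)
        key = (m["mapped"], m["real"])
        if m["id"] == "305009":
            rec = {"mapped": m["mapped"], "real": m["real"], "start": ts, "end": None}
            intervals.append(rec)
            open_by_pair[key] = rec
        elif key in open_by_pair:  # a teardown with no logged build is skipped
            open_by_pair.pop(key)["end"] = ts
    return intervals

def who_had(mapped_ip, when, intervals, reservations):
    """Return (inside_ip, reservation or None) for a public IP at a time, else None."""
    t = datetime.strptime(when, TS_FMT)
    for rec in intervals:
        active = rec["start"] <= t and (rec["end"] is None or t < rec["end"])
        if rec["mapped"] == mapped_ip and active:
            return rec["real"], reservations.get(rec["real"])
    return None

if __name__ == "__main__":
    print(who_had("150.150.100.22", "2024-01-15 10:00:00",
                  parse_xlates(SAMPLE_LOG), RESERVATIONS))
```

The lookup is only as good as the clocks: the PIX, the syslog server and whatever reported the public address need synchronized time, or a query near a teardown can land on the wrong host.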
