Solved

NAT Question

Posted on 2008-10-09
Last Modified: 2012-05-05
Experts,
I have taken over a network where no documentation was left behind. I am trying to find out what the NAT address of each of the six servers is, for documentation. If I go to "Whatsmyip.com" on each server, it always comes back with the WAN external IP address. The firewall is a Sonicwall TZ190 with enhanced OS. I looked inside to see if there were NAT rules created in there... I can see all the external IPs for the domain, but all the old server names are still in there. They have since replaced all the servers since the Sonicwall was set up.
Are there any commands that I can run that will show me what the NAT address of each server is, so I can match the NAT address to the internal server address? I.e.: 66.64.123.456 = 192.168.10.10
Thanks!!!!
Question by:Paul_S01
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 22679796
If they are all coming back with the same IP then the previous incumbent set up a HIDING NAT, not a static one.
This means that all the internal addresses hide behind the single external IP of the firewall.
 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22679924
Based on your testing it appears that from the server side going out the servers are translating on the firewall outside address just like any other workstation.  It is possible that when the servers were changed, the new systems were not given 1 to 1 NATs, and are simply translating on the outside address.  

Look at it from the other direction.  What servers are accessible from the outside, and how are they accessed?  Do you have an email server or a web server hosted on the inside?  It is possible for these systems to be using NAT on the outside firewall interface, while port address translation is forwarding requests different directions based on incoming port (ie. 25, 80).

Try looking at your external domain DNS records.  Where do the various records (www, mail) point to?  This may help to determine which external addresses, if any, are still in use.
 

Author Comment

by:Paul_S01
ID: 22680986
Thanks TNL_Engr
There is one external IP that is used for the terminal server, which can be reached via RDP. I don't believe that there is 1 to 1 going on, but the firewall is a Sonicwall TZ190 w/ enhanced OS... far different than a PIX! The access tables are not well defined as to what the access rules are, and from what I am seeing the external IPs listed in the access tables have the old server names in them. The terminal server is the only address that can be accessed from the outside, which is a different address from the WAN address. No email or web servers.
 
LVL 4

Accepted Solution

by:
TNL_Engr earned 250 total points
ID: 22681512
You are right about SonicWall being different.  I like Cisco better (especially the ASA line), but the TZ190 is a great firewall too, and is pretty easy to configure once you get used to it.  

I expect your TZ190 was originally set up without a lot of organization.  As the network evolved, it was probably minimally programmed just to keep it working.  Now it's a mess to figure out.  Here are some things that are different about NAT on the TZ190 FW that might help you in figuring it out.  (The Administrator's Guide will be very helpful.)  Here's the link.
  http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0_TZ_180_190_Administrators_Guide.pdf

"With the new NAT engine, it's necessary to write two policies - one to allow incoming requests to the destination public IP address to reach the destination private IP address (uninitiated inbound), and one to allow the source private IP address to be remapped to the source public IP address (initiated outbound)."  The original administrator did not program the mapping the same both ways, so the NAT lookup returns the outbound interface when looking from the server.

"You can change the view of your route policies in the NAT Policies table by selecting one of the view settings in the View Style menu. All Policies displays all the routing policies including Custom Policies and Default Policies. Initially, only the Default Policies are displayed in the Route Policies table when you select All Policies from the View Style menu."
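
The two-policy behaviour described in the accepted answer can be turned into a documentation check. The following is an added example, not code from this thread or from SonicWall: it pairs inbound and outbound NAT policies per internal server and reports where the two directions disagree. The dictionary keys are assumptions modelled on the original/translated source and destination columns of a NAT policy, and all addresses and rows are constructed.

```python
WAN_IP = "203.0.113.2"  # constructed: address of the firewall's WAN interface

# Constructed rows, as if hand-copied from the NAT Policies table.
POLICIES = [
    # Inbound only: a public IP forwarded to the terminal server for RDP
    dict(orig_src="Any", trans_src="Original",
         orig_dst="203.0.113.11", trans_dst="192.168.10.10", service="RDP"),
    # Inbound and outbound pair for a second host (a full 1-to-1 mapping)
    dict(orig_src="Any", trans_src="Original",
         orig_dst="203.0.113.12", trans_dst="192.168.10.20", service="Any"),
    dict(orig_src="192.168.10.20", trans_src="203.0.113.12",
         orig_dst="Any", trans_dst="Original", service="Any"),
    # Default many-to-one policy: everything else leaves as the WAN IP
    dict(orig_src="Any", trans_src=WAN_IP,
         orig_dst="Any", trans_dst="Original", service="Any"),
]

def nat_report(policies, servers, wan_ip=WAN_IP):
    """Return {private_ip: (inbound_public_or_None, outbound_public, symmetric)}."""
    inbound, outbound = {}, {}
    for p in policies:
        if p["trans_dst"] != "Original":      # destination rewritten: inbound policy
            inbound[p["trans_dst"]] = p["orig_dst"]
        elif p["orig_src"] != "Any":          # specific source rewritten: outbound policy
            outbound[p["orig_src"]] = p["trans_src"]
    report = {}
    for ip in servers:
        pub_in = inbound.get(ip)
        pub_out = outbound.get(ip, wan_ip)    # no own policy: default many-to-one applies
        report[ip] = (pub_in, pub_out, pub_in == pub_out)
    return report

if __name__ == "__main__":
    hosts = ["192.168.10.10", "192.168.10.20", "192.168.10.30"]
    for ip, (pin, pout, ok) in nat_report(POLICIES, hosts).items():
        note = "1-to-1" if ok else "asymmetric" if pin else "hidden behind WAN IP"
        print(f"{ip:15} inbound={pin or '-':15} outbound={pout:15} {note}")
```

A host flagged asymmetric is reachable on its own public address but shows the WAN address on an outbound "what is my IP" check, which is the situation described in the question.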