NAT Question

Experts,
I have taken over a network where no documentation was left behind. I am trying to see what the NAT address of each of the six servers is, for documentation. If I go to "Whatsmyip.com" on each server, it always comes back with the WAN external IP address. The firewall is a SonicWall TZ190 with Enhanced OS. I looked inside to see if there were NAT rules created in there.... I can see all the external IPs for the domain, but all the old server names are still in there? They have since replaced all the servers since the SonicWall was set up.
Are there any commands that I can run that will show me what the NAT address of each server is, so I can match the NAT address to the internal server address? i.e. 66.64.123.456 = 192.168.10.10
Thanks!!!!
Paul_S01 asked:
TNL_Engr commented:
You are right about SonicWall being different.  I like Cisco better (especially the ASA line), but the TZ190 is a great firewall too, and is pretty easy to configure once you get used to it.  

I expect your TZ190 was originally set up without a lot of organization.  As the network evolved, it was probably minimally programmed just to keep it working.  Now it's a mess to figure out.  Here are some things that are different about NAT on the TZ190 FW that might help you in figuring it out.  (The Administrator's Guide will be very helpful.)  Here's the link:
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0_TZ_180_190_Administrators_Guide.pdf

"With the new NAT engine, it's necessary to write two policies: one to allow incoming requests
to the destination public IP address to reach the destination private IP address (uninitiated
inbound), and one to allow the source private IP address to be remapped to the source public
IP address (initiated outbound)."  The original administrator did not program the mapping the same both ways, so the NAT lookup returns the outbound interface when looking from the server.

"You can change the view of your route policies in the NAT Policies table by selecting one of the
view settings in the View Style menu. All Policies displays all the routing policies, including
Custom Policies and Default Policies. Initially, only the Default Policies are displayed in the
Route Policies table when you select All Policies from the View Style menu."
Kieran_Burns commented:
If they are all coming back with the same IP, then the previous incumbent set up a HIDING NAT, not a static one.
This means that all the internal addresses hide behind the single external IP of the firewall.
TNL_Engr commented:
Based on your testing, it appears that from the server side going out, the servers are translating to the firewall's outside address just like any other workstation.  It is possible that when the servers were changed, the new systems were not given 1-to-1 NATs, and are simply translating on the outside address.  

Look at it from the other direction.  What servers are accessible from the outside, and how are they accessed?  Do you have an email server or a web server hosted on the inside?  It is possible for these systems to be using NAT on the outside firewall interface, while port address translation is forwarding requests in different directions based on incoming port (i.e. 25, 80).

Try looking at your external domain DNS records.  Where do the various records (www, mail) point to?  This may help to determine which external addresses, if any, are still in use.
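One way to do the reconciliation TNL_Engr describes, pairing each inbound NAT policy with its outbound twin and checking which public addresses the external DNS still points at, as an added example that is not code from this thread or from SonicWall. The policy rows, DNS records and host inventory are constructed sample data, and the field names are my shorthand for the four address columns of the NAT Policies table.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NatPolicy:
    # One row of the SonicOS NAT Policies table (field names are my shorthand);
    # the value "Original" in a translated column means "not translated".
    name: str
    original_src: str
    translated_src: str
    original_dst: str
    translated_dst: str

# Constructed sample: an inbound 1:1 for the terminal server with no outbound twin,
# a stale pair for a retired mail host, and the many-to-one default rule that
# makes every server show the WAN address on a what-is-my-IP site.
POLICIES = [
    NatPolicy("OLD-TS01 inbound", "Any", "Original", "203.0.113.10", "192.168.10.10"),
    NatPolicy("OLD-MAIL inbound", "Any", "Original", "203.0.113.11", "192.168.10.11"),
    NatPolicy("OLD-MAIL outbound", "192.168.10.11", "203.0.113.11", "Any", "Original"),
    NatPolicy("default outbound", "X0 Subnet", "WAN IP", "Any", "Original"),
]
DNS_RECORDS = {"ts.example.com": "203.0.113.10", "www.example.com": "203.0.113.20"}
CURRENT_HOSTS = {"192.168.10.10", "192.168.10.12"}   # servers that exist today

def _is_host(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_nat(policies, dns_records, current_hosts):
    """Pair inbound with outbound 1:1 policies and report what does not line up."""
    inbound = {p.translated_dst: p.original_dst            # private -> public
               for p in policies if _is_host(p.translated_dst)}
    outbound = {p.original_src: p.translated_src           # private -> public
                for p in policies if _is_host(p.original_src) and _is_host(p.translated_src)}
    paired = {prv: pub for prv, pub in inbound.items() if outbound.get(prv) == pub}
    known_public = set(inbound.values()) | set(outbound.values())
    return {
        "paired": paired,
        "inbound_only": {prv: pub for prv, pub in inbound.items() if prv not in paired},
        "outbound_only": {prv: pub for prv, pub in outbound.items() if prv not in paired},
        # rows whose private address no longer matches any current server
        "stale": sorted({p.name for p in policies for a in (p.original_src, p.translated_dst)
                         if _is_host(a) and a not in current_hosts}),
        "dns_hits": {ip: n for n, ip in dns_records.items() if ip in known_public},
        "dns_orphans": {n: ip for n, ip in dns_records.items() if ip not in known_public},
    }
```

An "inbound_only" entry is exactly the case the Administrator's Guide quote describes: the server is reachable on its public address, but its own outbound traffic still leaves on the WAN address.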
Paul_S01 (author) commented:
Thanks TNL_Engr.
There is one external IP that is used for the terminal server that can be reached via RDP. I don't believe that there is 1-to-1 going on, but the firewall is a SonicWall TZ190 with Enhanced OS... far different than a PIX! The access tables are not well defined as to what the access rules are, and from what I am seeing the external IPs listed in the access tables have the old server names in them. The terminal server is the only address that can be accessed from the outside, which is a different address from the WAN address. No email or web servers.