Posted by Scooty on August 8, 2008, 3:25 am
Hi all,

One I would put out there in the hope there might be a better way of doing this.

Currently we have a PIX that does NAT and PAT translations for the users accessing the internet. All HTTP traffic is passed through the PIX to a Linux box running Squid on Ubuntu 8.04 via a Global Address Pool. When the PIX runs out of NAT addresses it does PAT; no worries, it all works OK.

When I try to monitor the usage of the Squid server, it looks at the translated IP and uses this for reporting in SARG or Webalizer. When I have multiple systems accessing the net I cannot determine the true source address, only the PAT'd address.

The users exist in multiple subnets and the Squid server is on 192.168.1.13, which is the DMZ subnet. As Squid uses NT Authentication this is not an issue for users who authenticate against the Squid server, but for users where there is no authentication all I see is the translated address, and for PAT this is just one IP. I have no way of telling exactly what use it was / is.

Cheers,
Scott

Posted by Christoph Gartmann on August 8, 2008, 3:58 am
Have the Pix log to a syslog server its informational messages. Then you get a logfile where you find all the translations together with the time.

Regards,
Christoph Gartmann

--
Max-Planck-Institut fuer Immunbiologie
Postfach 1169, D-79011 Freiburg, Germany
Phone: +49-761-5108-464  Fax: -80464
Internet: gartmann@immunbio dot mpg dot de
http://www.immunbio.mpg.de/home/menue.html
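
The correlation described in the reply above, as an added example that is not part of either post: it rebuilds the PAT table from PIX translation messages and looks up which inside host held a translated address and port at the time of each proxy request. Assumptions: the PIX emits message IDs 305011 and 305012 at informational level, the interface names and all addresses below are constructed, and Squid has been given a custom logformat that records the client source port (the default access.log does not).

```python
import re
from datetime import datetime

# Constructed PIX syslog lines (305011 = PAT slot built, 305012 = torn down).
PIX_LOG = """\
Aug  8 03:10:01 pix %PIX-6-305011: Built dynamic TCP translation from inside:10.1.2.15/1188 to dmz:192.168.1.50/1024
Aug  8 03:10:40 pix %PIX-6-305012: Teardown dynamic TCP translation from inside:10.1.2.15/1188 to dmz:192.168.1.50/1024 duration 0:00:39
Aug  8 03:11:02 pix %PIX-6-305011: Built dynamic TCP translation from inside:10.1.4.9/3100 to dmz:192.168.1.50/1024
"""
# Constructed Squid lines; assumes a custom logformat: date time client-IP client-port URL.
SQUID_LOG = """\
2008-08-08 03:10:02 192.168.1.50 1024 http://example.com/a
2008-08-08 03:10:50 192.168.1.50 1024 http://example.com/b
2008-08-08 03:11:03 192.168.1.50 1024 http://example.com/c
"""
XLATE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ %PIX-6-(305011|305012): \w+ dynamic "
    r"\w+ translation from \w+:([\d.]+)/(\d+) to \w+:([\d.]+)/(\d+)")

def load_translations(text, year):
    """Return {(pat_ip, pat_port): [[start, end_or_None, real_ip], ...]}."""
    table = {}
    for line in text.splitlines():
        m = XLATE.match(line)
        if not m:
            continue
        stamp, msg_id, real_ip, _real_port, pat_ip, pat_port = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog has no year
        slots = table.setdefault((pat_ip, int(pat_port)), [])
        if msg_id == "305011":
            slots.append([when, None, real_ip])
        elif slots and slots[-1][1] is None:
            slots[-1][1] = when  # teardown closes the open slot
    return table

def real_source(table, pat_ip, pat_port, when):
    """Inside address that held pat_ip:pat_port at time `when`, or None."""
    for start, end, real_ip in table.get((pat_ip, pat_port), []):
        if start <= when and (end is None or when <= end):
            return real_ip
    return None

def attribute(squid_text, table):
    out = []  # (url, inside address or None) for each proxy request
    for line in squid_text.splitlines():
        day, clock, ip, port, url = line.split()
        when = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
        out.append((url, real_source(table, ip, int(port), when)))
    return out
```

The same translated port is reused by two different inside hosts in the sample, which is why the lookup is by time as well as by address and port; the PIX and the Squid box need synchronized clocks for the match to be reliable.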
Cisco PIX NAT Translation