Yes, that is what we do. I just wondered how big if a bear it would be to track pat in a university wireless environment.
In a second related note, we recently changed our NAT timeout from 3 to 2 hours as we were beginning to run out of 1 to 1 NAT ranges Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" <p...@stlawu.edu> wrote: > We do 1to1 dynamic NAT on the ASA firewall and log all the > translations to a syslog server. Easy to get the private ip from > the log given the time and global ip. It is all we've seen the need > for to this point. > Phil > > On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > >> Wondering how many other schools are using private IP space for >> wireless users, how you accomplish the NAT, and what mechanisms you >> use for user tracking for the private-public mappings for forensic/ >> investigatory purposes. >> >> Thanks- >> >> Lee >> ********** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/ >> . > > ********** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ > . ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.