If you are running through a Cisco ASA this might help:

http://superobscure.com/post/42857161844/using-syslog-to-log-nat-translations-on-a-cisco

You'll want the following messages filtered on your ASA pointed to your syslog server:
305009-305010 - covers NAT translation
305011-305012 - covers PAT translation

http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm41/system/message/logmsgs.html#wp1280945



-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[email protected]] On Behalf Of Jerry Bucklaew
Sent: Wednesday, January 14, 2015 1:49 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] NAT tracking question

To ALL:

    We have a large Cisco wireless deployment with public IP address space.
Getting more public IPs is getting difficult, so we are considering going to
NAT.  The issue we have with NAT is that we still want to be able to map an
outside IP back to an individual user.  Once you go to NAT, that of course
becomes more difficult to do.  I know a lot of you are probably already doing
this, and I was wondering how, and what products do you use?  I assume most
have a one-to-many NAT and then use something like a netflow collector to
track the inside NAT IP to the outside Src-IP/DST-IP/Port/Time.  Any good
working solutions or products would be helpful.

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
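
An added example, not part of the thread or of either poster's setup: a Python sketch that pairs ASA 305011 (Built) and 305012 (Teardown) PAT messages into translation lifetimes and answers "which inside IP held this outside IP/port at this time". The timestamp and hostname prefix, the addresses, and the function names are assumptions made for illustration; only the message bodies follow the ASA syslog format.

```python
import re
from datetime import datetime

# Constructed sample: the timestamp/hostname prefix and all addresses are made up;
# the message text follows the ASA 305011 (Built) / 305012 (Teardown) format.
SAMPLE_LOG = """\
2015-01-14T13:40:02 asa1 %ASA-6-305011: Built dynamic TCP translation from inside:10.20.1.15/51234 to outside:198.51.100.7/40001
2015-01-14T13:40:32 asa1 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.20.1.15/51234 to outside:198.51.100.7/40001 duration 0:00:30
2015-01-14T13:41:10 asa1 %ASA-6-305011: Built dynamic TCP translation from inside:10.20.7.88/49822 to outside:198.51.100.7/40001
2015-01-14T13:41:15 asa1 %ASA-6-305011: Built dynamic UDP translation from inside:10.20.3.9/5353 to outside:198.51.100.7/40002
"""

PAT_RE = re.compile(
    r"^(?P<ts>\S+) \S+ %ASA-\d-30501[12]: (?P<verb>Built|Teardown) "
    r"\w+ (?P<proto>TCP|UDP|ICMP) translation from "
    r"[^:\s]+:(?P<real_ip>[\d.]+)/(?P<real_port>\d+)(?: \([^)]*\))? to "
    r"[^:\s]+:(?P<map_ip>[\d.]+)/(?P<map_port>\d+)"
)


def build_sessions(log_text):
    """Pair Built/Teardown events into PAT translation lifetimes."""
    open_xlates, sessions = {}, []
    for line in log_text.splitlines():
        m = PAT_RE.match(line)
        if not m:
            continue  # not a PAT translation message
        ts = datetime.fromisoformat(m["ts"])
        key = (m["proto"], m["map_ip"], int(m["map_port"]))
        if m["verb"] == "Built":
            entry = {"key": key, "real_ip": m["real_ip"], "start": ts, "end": None}
            open_xlates[key] = entry
            sessions.append(entry)
        elif key in open_xlates:
            open_xlates.pop(key)["end"] = ts  # close the matching translation
    return sessions


def who_had(sessions, proto, map_ip, map_port, when):
    """Inside IP that held outside map_ip/map_port at time `when`, or None."""
    for s in sessions:
        active = s["start"] <= when and (s["end"] is None or when <= s["end"])
        if s["key"] == (proto, map_ip, map_port) and active:
            return s["real_ip"]
    return None


if __name__ == "__main__":
    sessions = build_sessions(SAMPLE_LOG)
    print(who_had(sessions, "TCP", "198.51.100.7", 40001, datetime(2015, 1, 14, 13, 41, 30)))
```

The sample reuses outside port 40001 for two different inside hosts, which is why the lookup needs the protocol, port and timestamp from the report and not just the outside IP.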