We've got our Juniper SRX 5800 doing our NAT for all wireless, plus all 
students and visitors (wired or wireless).  

We send those logs (and the SRX is VERY CHATTY about NAT) to our Splunk server 
for the tying together of date/time, public IP and private IP - in the event we 
get a notice from some TLA.  

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart
Sent: Monday, February 23, 2015 9:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] NAT tracking question

We use a Sonicwall E8500 for NAT; it will log all NAT translations and send 
them as syslog to a server for storage. I have logrotate changing files every 
hour to make it easier to search on.
--
Heath Barnhart
ITS Network Administrator
Washburn University
Topeka, KS


On Wed, 2015-01-14 at 14:49 -0500, Jerry Bucklaew wrote:
> To ALL:
> 
>     We have a large Cisco wireless deployment with public IP address 
> space.  Getting more public IPs is getting difficult so we are 
> considering going to NAT.  The issue we have with NAT is that we still 
> want to be able to map an outside IP back to an individual user.  Once 
> you go to NAT that of course becomes more difficult to do.   I know a 
> lot of you are probably already doing this and I was wondering how and 
> what products do you use?  I assume most have a one to many NAT and then 
> use something like a netflow collector to track the inside NAT IP to 
> the outside Src-IP/DST-IP/Port/Time. Any good working solutions or 
> products would be helpful.
> 
> **********
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
