Accountability with NAT

  • From: "Curtis Kline" <ckline@xxxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 6 Feb 2002 11:33:24 -0700

Here's my implementation scenario:

In our higher education environment, network traffic accountability is
important. We currently do not use Network Address Translation (NAT) for
that reason... If someone is bad on someone's computer, we can determine
quickly and easily (by IP address) whose computer it was and shut it down.

SO, I have two questions:

1. Can we run ISA without NAT, and use public IP space inside (the
internal public space would obviously be in the LAT)? If so, then we
maintain accountability as we do today.

2. If we have to use NAT, and someone is bad, how do we match up some
network traffic out on the Internet that appears to be coming from our
ISA's external IP with an internal machine? Is there some kind of
translation log that will help us with this?

Let me know if these questions aren't clear. I'd be happy to clarify.


Thanks in advance for any help!

Curtis Kline
UC Santa Barbara

