Per-user NAT IP address assignment in PIX. Please help!!

 
 
Antonio Arias
 
      06-12-2004
Hello all,

I need to perform a per-user NAT translation and can't figure out if
this can be accomplished with PIX and ACS:

When an authenticated user gets access to my inside network, I need to
perform NAT to assign each one a specified IP address, maybe storing
the address in each user or group profile in ACS.

This is because of requirements of a web application inside the
firewall, which performs authentication based on IP - no way to change
this app.

Any suggestions, on whether this can be accomplished or definitely
not, would be very much appreciated.

Thanks a lot.

A. Arias.
 
 
 
 
 
Bob by The Bay
 
      06-13-2004
Hi Antonio,

I don't believe NAT alone is going to do what you need, other than provide a
mechanism for a translation from an outside address to an inside address.

However, you might look into 802.1x Authentication as it provides some
per-user dynamic ACL capabilities. The documentation indicates 802.1x can
pass per-user information such as an IP address from a RADIUS server, which
can be dynamically assigned to create an ACL on a multi-layer switch.

http://www.cisco.com/univercd/cc/td/....htm#wp1096673

Once assigned, I'm wondering if an ACL such as this can be used somehow with
NAT or DHCP to provide a pre-assigned or re-assigned inside network address
to an authenticated user.

This is an attempt at brainstorming, however, and may not bear much
resemblance to the real world. But it might make a good research item for
your or similar projects.

FWIW,
Bob

"Antonio Arias" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> Hello all,
>
> I need to perform a per-user NAT translation and can't figure out if
> this can be accomplished with PIX and ACS:
>
> When an authenticated user gets access to my inside network, I need to
> perform NAT to assign each one a specified IP address, maybe storing
> the address in each user or group profile in ACS.
>
> This is because of requirements of a web application inside the
> firewall, which performs authentication based on IP - no way to change
> this app.
>
> Any suggestions, on whether this can be accomplished or definitely
> not, would be very much appreciated.
>
> Thanks a lot.
>
> A. Arias.



 
 
 
 
 
Antonio Arias
 
      06-15-2004
Bob,

Thank you for your suggestions, I'll have a look at 802.1x, although
I'm afraid it isn't supported by PIX yet, only switches / WLANs.

Guess we will have to develop st using ipchains / apache.


"Bob by The Bay" <(E-Mail Removed)> wrote in message news:<v02zc.27387$eu.10251@attbi_s02>...
> Hi Antonio,
>
> I don't believe NAT alone is going to do what you need, other than provide a
> mechanism for a translation from an outside address to an inside address.
>
> However, you might look into 802.1x Authentication as it provides some
> per-user dynamic ACL capabilities. The documentation indicates 802.1x can
> pass per-user information such as an IP address from a RADIUS server, which
> can be dynamically assigned to create an ACL on a multi-layer switch.
>
> http://www.cisco.com/univercd/cc/td/....htm#wp1096673
>
> Once assigned, I'm wondering if an ACL such as this can be used somehow with
> NAT or DHCP to provide a pre-assigned or re-assigned inside network address
> to an authenticated user.
>
> This is an attempt at brainstorming, however, and may not bear much
> resemblance to the real world. But it might make a good research item for
> your or similar projects.
>
> FWIW,
> Bob
>
> "Antonio Arias" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) m...
> > Hello all,
> >
> > I need to perform a per-user NAT translation and can't figure out if
> > this can be accomplished with PIX and ACS:
> >
> > When an authenticated user gets access to my inside network, I need to
> > perform NAT to assign each one a specified IP address, maybe storing
> > the address in each user or group profile in ACS.
> >
> > This is because of requirements of a web application inside the
> > firewall, which performs authentication based on IP - no way to change
> > this app.
> >
> > Any suggestions, on whether this can be accomplished or definitely
> > not, would be very much appreciated.
> >
> > Thanks a lot.
> >
> > A. Arias.

 
 
 
 