Educause Security Discussion mailing list archives

Re: Large edu's doing NAT campus wide?


From: Kenneth Arnold <bkarnold () CBU EDU>
Date: Sun, 29 Apr 2007 14:32:00 -0500

We aren't a large university but we have been using NAT for many years
now.  The main reason that we switched was because our ISP was changing
its ISP and all of our IP addresses would have to change as a result.
Since then we have changed ISPs at least one more time.  Using NAT makes
us independent of the IP addresses of our ISP so we can easily change
ISPs in order to get a better deal.  We don't own our IP addresses.
Firewall syslogs can keep track of which internal IP address was using a
given external IP address at any given time so that problems reported to
us can be traced back to the device causing them.

Brother Kenneth Arnold
Christian Brothers University

Chris Allison wrote:
    All,
    I would be interested in hearing other people's ideas concerning
using a campus wide NAT to provide additional protection.
At MU we are looking at adding NAT.  The idea would be that the
internal address space would not be reachable from outside unless
you used VPN or talked to the security guys about setting up a static
IP and associated NAT map.
    As you might imagine, a number of academic types don't like the
idea.  For the most part, they have not created a convincing
argument against.  My experience is they don't really come after you
until after you pull the switch.
    With all the devices coming onto campus, one does not have to look
far to see we will have addressing problems soon.  In
fact we are already having point issues and the occurrences are
becoming more frequent.
    We don't yet have experience with campus wide NAT, so I would very
much like to know about others and;
Joe,
    Could you send me any responses you received?
    Thanks,
    Chris Allison, PMP
    Miami University
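
Added example, not part of the original thread: a sketch of the lookup Kenneth Arnold describes, resolving an abuse report's external address and time back to the internal device from NAT syslog entries. The log format, host name and addresses are constructed for illustration (real firewalls log translations differently), and port-overloaded NAT is assumed, so the external port and an accurate timestamp are part of the lookup key.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in a hypothetical format; not from any real firewall.
SAMPLE_LOG = """\
2007-04-29T14:30:05Z fw1 nat: BUILT tcp 10.20.3.45:51234 -> 198.51.100.7:40001
2007-04-29T14:31:40Z fw1 nat: TEARDOWN tcp 10.20.3.45:51234 -> 198.51.100.7:40001
2007-04-29T14:31:55Z fw1 nat: BUILT tcp 10.20.9.12:49877 -> 198.51.100.7:40001
2007-04-29T14:32:10Z fw1 nat: BUILT udp 10.20.3.45:5353 -> 198.51.100.7:40002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ nat: (?P<ev>BUILT|TEARDOWN) (?P<proto>tcp|udp) "
    r"(?P<int_ip>[\d.]+):(?P<int_port>\d+) -> (?P<ext_ip>[\d.]+):(?P<ext_port>\d+)$"
)

def parse_ts(text):
    """Parse a UTC timestamp; reports and logs must share one clock and zone."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def build_intervals(log_text):
    """Return {(proto, ext_ip, ext_port): [[start, end_or_None, int_ip, int_port]]}."""
    table = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore syslog lines that are not NAT events
        key = (m["proto"], m["ext_ip"], int(m["ext_port"]))
        spans = table.setdefault(key, [])
        if m["ev"] == "BUILT":
            spans.append([parse_ts(m["ts"]), None, m["int_ip"], int(m["int_port"])])
        elif spans and spans[-1][1] is None:
            spans[-1][1] = parse_ts(m["ts"])  # close the open mapping
    return table

def trace(table, proto, ext_ip, ext_port, when):
    """Map a reported external endpoint and time to the internal endpoint."""
    t = parse_ts(when)
    for start, end, int_ip, int_port in table.get((proto, ext_ip, ext_port), []):
        # An external port is reused over time, so the interval must contain t.
        if start <= t and (end is None or t <= end):
            return int_ip, int_port
    return None  # no translation was active: check the report's clock and port

if __name__ == "__main__":
    nat = build_intervals(SAMPLE_LOG)
    print(trace(nat, "tcp", "198.51.100.7", 40001, "2007-04-29T14:31:00Z"))
    print(trace(nat, "tcp", "198.51.100.7", 40001, "2007-04-29T14:32:30Z"))
```

The same external address and port resolve to two different internal hosts ninety seconds apart, which is why a report without a port or with a skewed timestamp cannot be traced reliably.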

