Educause Security Discussion mailing list archives

"many to one NAT" or PAT and RIAA


From: John LaPrad <jrl () SVSU EDU>
Date: Tue, 2 Sep 2008 13:17:45 -0400

We have put in place a system to load balance our ISP connections. It uses a dynamic "many to one NAT" to do this. It's very effective at load balancing, but I am having a hard time getting enough log information to uniquely identify internal users. There are typically thousands of users on a given IP address at one time, and to make it worse, a single user's Internet session may bounce between three different ISP connections.

I can, and do, keep NetFlow data, so I can look up an internal IP and see their Internet traffic. But if I get a communication saying that such an IP at such a time did something wrong, I have no idea who that was. If they give me a destination address, sometimes I can find one user that was there at that time, but sometimes there are more than one, and because of the PAT, I do not know which one they are referring to.

What I am wondering is, regarding the RIAA and perhaps homeland security, what are our obligations as far as logging our users' Internet activity? Do we have to be able to unambiguously connect an inside user to an outside IP? Are the NetFlow logs (showing the inside address, but not the public address, which would be logged at the other site) sufficient for this?

______________________________________________________________________
John LaPrad 
CISSP, CNE, CCNA, CCDA
Manager of Network Services
Saginaw Valley State University
Phone: 989-964-7134
Fax: 989-964-7446 
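An added example (not part of the post or the archive) of the attribution problem described above: flow records behind a PAT can yield several inside hosts for one destination and time, while a NAT translation log keyed on the public source port resolves to one. Record layouts and all addresses are constructed for illustration.

```python
# Added example: correlating an abuse report with flow records behind a
# many-to-one NAT. Record formats and addresses are assumed, not from the post.
from datetime import datetime, timedelta

# Constructed NetFlow-style records as the inside router would export them:
# (inside source IP, destination IP, destination port, flow start, flow end)
NETFLOW = [
    ("10.1.5.23",  "203.0.113.7",  6881, "2008-09-02 13:00:10", "2008-09-02 13:09:00"),
    ("10.1.9.140", "203.0.113.7",  6881, "2008-09-02 13:02:00", "2008-09-02 13:20:00"),
    ("10.1.7.8",   "198.51.100.3",  443, "2008-09-02 13:04:00", "2008-09-02 13:05:00"),
]

# Constructed NAT translation log: the only record of the public port assigned.
# (inside IP, inside port, public IP, public port, created, torn down)
NAT_LOG = [
    ("10.1.5.23",  51000, "192.0.2.10", 40001, "2008-09-02 13:00:10", "2008-09-02 13:09:00"),
    ("10.1.9.140", 52000, "192.0.2.11", 40002, "2008-09-02 13:02:00", "2008-09-02 13:20:00"),
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def candidates_from_netflow(dst_ip, when, slack=timedelta(minutes=1)):
    """Inside hosts that had a flow to dst_ip active around `when`.

    With PAT and flow data alone this can return several hosts, because the
    flows do not record which public address and port the NAT assigned.
    `slack` allows for clock skew between the reporter and the exporter.
    """
    t = _ts(when)
    return sorted({src for src, dst, _, start, end in NETFLOW
                   if dst == dst_ip and _ts(start) - slack <= t <= _ts(end) + slack})

def resolve_from_nat_log(public_ip, public_port, when):
    """Map the (public IP, public port, time) named in a complaint to the one
    inside host that held that translation; None if there is no single match."""
    t = _ts(when)
    hits = [inside for inside, _, pub_ip, pub_port, created, torn in NAT_LOG
            if pub_ip == public_ip and pub_port == public_port
            and _ts(created) <= t <= _ts(torn)]
    return hits[0] if len(hits) == 1 else None
```

A complaint that names only the public IP and a time cannot be resolved by the second function either; the public source port (and an accurate timestamp) is what makes the translation log usable.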
