Learn How We Can Help You Keep Teleworkers Protected During the COVID-19 Crisis

DNS DHCP IPAM

Reply
Highlighted
Accepted Solution

IPAM tracking NAT Address

Techie
Posts: 1
5608     0

I am trying to find out if the IPAM process can track NAT translations on both Cisco ASA's and CheckPoint firewalls. I am having a hard time constantly mapping my extnernal NAT address to the internal servers.

 

If it is possible, what level of permissions do I need to give IPAM to monitor these tables?

 

Thanks!

Highlighted

Re: IPAM tracking NAT Address

Adviser
Posts: 86
5609     0

AFAIK, there is no in-built mechanism to do this automatically (other than scripting). What I would personally do is create an extensible attribute for the NAT address and map it against the internal IP. Export the list in a CSV and when you need to make changes, change the CSV and import to update in bulk. If you need to make individual changes then by all means edit the individual extensible attribute. 

Highlighted

Re: IPAM tracking NAT Address

Techie
Posts: 5
5609     0

This really is a pain--not being able to reliably track NATs and VIPs.

Highlighted

Re: IPAM tracking NAT Address

Community Manager
Community Manager
Posts: 356
5609     0

@tsmith4usac wrote:

This really is a pain--not being able to reliably track NATs and VIPs.


Infoblox provides a number of features to try and help with managing many different services. The Network Insight or NetMRI products might be able to accomplish what you are looking for here as those are purposely built for monitoring network changes and updating this information in IPAM, though NAT's and VIP's don't always have a tie in that is visible with simple network scans that makes what you're looking for here possible.

 

Additionally, if there is something missing that you think you could really benefit from, the Infoblox Support team or your account representative would love to hear about that from you. Your feedback is valuable as this helps guide the direction for future development and while it may be something that is obvious to you, it may not have been to others or it could be that the demand for that feature was underestimated and the more requests that are received for something, the higher the priority will be for getting that feature implemented. I for one could envision an additional field in a Host record for a NAT or VIP and an additional option to allow that IP to be served for any DNS queries for that Host record. If you think something like that would benefit you, definitely bring that up with your account rep or Infoblox Support so that we can make sure that gets the attention it deserves.

 

Thank you,

Tony

Showing results for 
Search instead for 
Do you mean 

Recommended for You

Businesses are investing heavily into securing company resources from cyber-attacks form cybercrimin