https://community.cisco.com/t5/network-security/securing-with-nat-best-practice/m-p/2337504#M311481 <P>Hi,</P><P></P><P><SPAN style="font-size: 10pt;">It is forbidden to do NAT Exempt from Internal to DMZ ?</SPAN></P><P>I hear there is a compliance in banking that 2 server who needs to communicate but its forbidden to know each other ip address ?</P><P><SPAN style="font-size: 10pt;">How about NAT as second layer or firewall ?</SPAN></P><P><SPAN style="font-size: 10pt;">What is best practice to secure enterprise network from NAT point of view ?</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">Thx</SPAN></P> Tue, 12 Mar 2019 02:47:49 GMT superlubis 2019-03-12T02:47:49Z https://community.cisco.com/t5/network-security/securing-with-nat-best-practice/m-p/2337504#M311481 <P>Hi,</P><P></P><P><SPAN style="font-size: 10pt;">It is forbidden to do NAT Exempt from Internal to DMZ ?</SPAN></P><P>I hear there is a compliance in banking that 2 server who needs to communicate but its forbidden to know each other ip address ?</P><P><SPAN style="font-size: 10pt;">How about NAT as second layer or firewall ?</SPAN></P><P><SPAN style="font-size: 10pt;">What is best practice to secure enterprise network from NAT point of view ?</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">Thx</SPAN></P> Tue, 12 Mar 2019 02:47:49 GMT https://community.cisco.com/t5/network-security/securing-with-nat-best-practice/m-p/2337504#M311481 superlubis 2019-03-12T02:47:49Z https://community.cisco.com/t5/network-security/securing-with-nat-best-practice/m-p/2337505#M311482 <HTML><HEAD></HEAD><BODY><P>Hello Ibrahim,</P><P></P><P>No, not at all, that is not a restriction at all. You can do it if needed.</P><P></P><P>Now looks like in your enviroment is a requirement that this 2 servers communicate with each other but they will not know each other IP address.</P><P></P><P>Then NAT is your friend as will satisfy the requirement you are looking for.</P><P></P><P>Well I do not consider NAT to be a security measure as for me it does not perform any inspection, any rule set any policy ,etc but I can ensure you there are a lot of people that think about it as a security measure.</P><P></P><P>I see it as an IP service that allows us to preserve the IP address space.</P><P></P><P><SPAN>For more information about Core and Security Networking follow my website at </SPAN><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR /><SPAN>Any question contact me at </SPAN><A class="jive-link-email-small" href="mailto:jcarvaja@laguiadelnetworking.com">jcarvaja@laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR />Cheers, <BR /> <BR />Julio Carvajal Segura</P></BODY></HTML> Sat, 05 Oct 2013 17:44:05 GMT https://community.cisco.com/t5/network-security/securing-with-nat-best-practice/m-p/2337505#M311482 Julio Carvajal 2013-10-05T17:44:05Z https://community.cisco.com/t5/network-security/securing-with-nat-best-practice/m-p/2337506#M311484 <HTML><HEAD></HEAD><BODY><P>Yes the same with me, and what i learn from CCNA or CCNP book is NAT is just for many local client accessing the internet and for translating ip private server to ip public server. Can i tighten up security with NAT ? whats is the best practice in cisco ?</P></BODY></HTML> Sun, 06 Oct 2013 02:22:59 GMT https://community.cisco.com/t5/network-security/securing-with-nat-best-practice/m-p/2337506#M311484 superlubis 2013-10-06T02:22:59Z https://community.cisco.com/t5/network-security/securing-with-nat-best-practice/m-p/2337507#M311486 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>And on the CCNA Track we also heard that NAT is for security purposes.</P><P></P><P>Again I dont think that way.</P><P></P><P> Can i tighten up security with NAT ? whats is the best practice in cisco ?</P><P>No, I mean what can you implement with NAT that will make your network more secure? Nothing.</P><P></P><P>You must think about content filtering, packet inspections, ACL, traffic encryption, Role based access, etc. Those kind of things that will make the network more secure <SPAN __jive_emoticon_name="grin" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/grin.gif"></SPAN></P><P></P><P></P><P></P><P></P><P><SPAN>For more information about Core and Security Networking follow my website at </SPAN><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR /><SPAN>Any question contact me at </SPAN><A class="jive-link-email-small" href="mailto:jcarvaja@laguiadelnetworking.com">jcarvaja@laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR />Cheers, <BR /> <BR />Julio Carvajal Segura</P></BODY></HTML> Sun, 06 Oct 2013 06:48:33 GMT https://community.cisco.com/t5/network-security/securing-with-nat-best-practice/m-p/2337507#M311486 Julio Carvajal 2013-10-06T06:48:33Z