https://community.cisco.com/t5/network-security/firewalling-best-practise/m-p/1857255#M456254 <HTML><HEAD></HEAD><BODY><P>Hello Dmitry,</P><P></P><P>That depends on you, you can disable nat control and use the public ip addresses, I would rather to use nat as it adds a little bit of security to your network as the outside users will not know witch is the private ip address of each internal server.</P><P></P><P>You will be able to accomplish all you are looking for, seems like the ASA is the firewall device that will implement all your needs on the best way!</P><P></P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Tue, 24 Jan 2012 17:31:48 GMT Julio Carvajal 2012-01-24T17:31:48Z https://community.cisco.com/t5/network-security/firewalling-best-practise/m-p/1857254#M456253 <P>We have purchased a Cisco ASA 5505 to protect the servers behind it and I have a question on how to go about it. This is what we have:</P><P></P><P>- 5 servers with dedicated public IPs and some have more than one (web hosting)</P><P>- 2 switches, one for public network and one for internal netowkr (for backing up and faster access between the servers)</P><P></P><P>What we want to achieve:</P><P></P><P>- Place all the servers behind the firewall so we can control ports per server</P><P>- Have a site-to-site VPN so we can access the UC560 that is hosted at this site for our telephones at this office (already working)</P><P></P><P>Any suggestions/recommendations? Should be still have an private IP addressing?</P><P></P><P>Many thanks,</P><P>Dmitry</P> Mon, 11 Mar 2019 22:18:47 GMT https://community.cisco.com/t5/network-security/firewalling-best-practise/m-p/1857254#M456253 Dmitry Golovenkin 2019-03-11T22:18:47Z https://community.cisco.com/t5/network-security/firewalling-best-practise/m-p/1857255#M456254 <HTML><HEAD></HEAD><BODY><P>Hello Dmitry,</P><P></P><P>That depends on you, you can disable nat control and use the public ip addresses, I would rather to use nat as it adds a little bit of security to your network as the outside users will not know witch is the private ip address of each internal server.</P><P></P><P>You will be able to accomplish all you are looking for, seems like the ASA is the firewall device that will implement all your needs on the best way!</P><P></P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Tue, 24 Jan 2012 17:31:48 GMT https://community.cisco.com/t5/network-security/firewalling-best-practise/m-p/1857255#M456254 Julio Carvajal 2012-01-24T17:31:48Z