topic NAT on firewall in Network Security

NAT on firewall

alkabeer80 — Mon, 11 Mar 2019 22:55:09 GMT

Hi, i have done dubble nat on firewall so that people from outside can not c my internal network and people from inside connect to local ip address to access services outside.

static ( inside,outside) 20.1.1.1 10.1.1.1 netmask 255.255.255.255

static ( outside, inside) 192.168.1.1 192.168.2.1 netmask 255.255.255.255

everything seems fine

now if user does not have nat translation lets say 10.1.1.2 tries to communicate with another one on the other end, the logs on the other company firewall see 's my internal ip as it is because it does not have translation.

How can i block any user that does not have translation to pass from my firewall to the other firewall

Teardown ICMP connection for faddr 20.1.1.1 gaddr 10.1.1.2 laddr 10.1.1.2

thanksssssssssss

NAT on firewall

alkabeer80 — Thu, 19 Apr 2012 07:20:10 GMT

Hello firewall experts

Re: NAT on firewall

Dan-Ciprian Cicioiu — Thu, 19 Apr 2012 07:25:06 GMT

Hi ,

you can enable nat-control. en > conf t > nat-control

By enabling nat-control , any flow from a higher security level (ex inside) to a lower security level ( ex. outside ) will not be permited if it is not sNATed.

This will affect all your flows.

Dan