topic NAT example - Increased Security? in Network Security https://community.cisco.com/t5/network-security/nat-example-increased-security/m-p/1567016#M602215 <P>Came across an unusual example of NAT in an ASA recently, difficult to explain but it looked like it was doing a double NAT.</P><P></P><P>E.g.</P><P>Outside IP 222.222.222.222<BR />Mail server 192.168.1.10 (real IP)</P><P><BR />In the config there were standard nat rules which translated the destination/outside IP to other IPs (one-many), however the IP it was translated to was for example 172.16.1.10</P><P></P><P>There was then another nat rule which translated the whole subnet 172.16.1.x to 192.168.1.x, the access list obviously reflected access from the outside to the translated IP 172.16.1.10</P><P></P><P>The guy which configured it seemed to make out it increased security as it masked the internal IP range, just wondered what other peoples opinions are as it seems pointless to me - the dst and source nat rules surely hide the internal ip scheme anyway??</P><P></P><P>Thanks in advanced</P> Mon, 11 Mar 2019 18:47:52 GMT ma77smith 2019-03-11T18:47:52Z NAT example - Increased Security? https://community.cisco.com/t5/network-security/nat-example-increased-security/m-p/1567016#M602215 <P>Came across an unusual example of NAT in an ASA recently, difficult to explain but it looked like it was doing a double NAT.</P><P></P><P>E.g.</P><P>Outside IP 222.222.222.222<BR />Mail server 192.168.1.10 (real IP)</P><P><BR />In the config there were standard nat rules which translated the destination/outside IP to other IPs (one-many), however the IP it was translated to was for example 172.16.1.10</P><P></P><P>There was then another nat rule which translated the whole subnet 172.16.1.x to 192.168.1.x, the access list obviously reflected access from the outside to the translated IP 172.16.1.10</P><P></P><P>The guy which configured it seemed to make out it increased security as it masked the internal IP range, just wondered what other peoples opinions are as it seems pointless to me - the dst and source nat rules surely hide the internal ip scheme anyway??</P><P></P><P>Thanks in advanced</P> Mon, 11 Mar 2019 18:47:52 GMT https://community.cisco.com/t5/network-security/nat-example-increased-security/m-p/1567016#M602215 ma77smith 2019-03-11T18:47:52Z Re: NAT example - Increased Security? https://community.cisco.com/t5/network-security/nat-example-increased-security/m-p/1567017#M602216 <HTML><HEAD></HEAD><BODY><P>Hey,</P><P></P><P>That's interesting. I want to reserve my comments unless i am able to have a look at the example in entirety. Please share the link for that. If it is indeed implementing double NAT, it does not work.</P><P></P><P>Thanks and Regards,</P><P>Prapanch</P></BODY></HTML> Thu, 30 Sep 2010 14:46:00 GMT https://community.cisco.com/t5/network-security/nat-example-increased-security/m-p/1567017#M602216 praprama 2010-09-30T14:46:00Z