https://community.cisco.com/t5/network-security/nat-or-router-vs-asa/m-p/1504110#M733924 <HTML><HEAD></HEAD><BODY><P>Hi Sushil,</P><P></P><P>You can use either the ASA or router for NAT.</P><P>I prefer doing NAT on the ASA.</P><P></P><P>Normally, you decide to do NAT on the device that has the public IP assigned.</P><P>If in this case, the router is having the public IP, I say NAT on the router.</P><P></P><P>The IPsec VPN clients still can connect to the ASA if you create a STATIC NAT translation to redirect VPN traffic to the ASA.</P><P>So, the VPN clients will actually connect to the public IP of the router, which will redirect the connection to the ASA.</P><P></P><P>If on the other hand, the ASA also has a public IP, so NAT on the ASA and terminate the VPNs on that IP.</P><P></P><P>Either way, you can't go wrong, as long as the equipment that you have support the amount of traffic and connections.</P><P></P><P>Federico.</P></BODY></HTML> Fri, 07 May 2010 13:36:58 GMT Federico Coto Fajardo 2010-05-07T13:36:58Z https://community.cisco.com/t5/network-security/nat-or-router-vs-asa/m-p/1504109#M733919 <P>Hi,</P><P></P><P>What would be the best place to nat&nbsp; in a network.</P><P></P><P>Router or ASA?</P><P></P><P>Router would be terminating the ISP connection and then ASA in place.</P><P></P><P>As ASA doesn't have the option of PBR.Is it would be better to have it on Router.</P><P></P><P>On the other hand Wanted to run IPSEC on ASA,but how would remote users or Remote peer see this if it is sitting behind a natted router?</P><P></P><P>Is it to be done based out of deliverable or is there any thumb rule to this.</P><P></P><P>Curious to know if router can be used instead of ASA for Nat?</P><P>What are pros and cons using this?</P><P></P><P>Reg,</P><P>Sushil</P> Mon, 11 Mar 2019 17:42:20 GMT https://community.cisco.com/t5/network-security/nat-or-router-vs-asa/m-p/1504109#M733919 sushil 2019-03-11T17:42:20Z https://community.cisco.com/t5/network-security/nat-or-router-vs-asa/m-p/1504110#M733924 <HTML><HEAD></HEAD><BODY><P>Hi Sushil,</P><P></P><P>You can use either the ASA or router for NAT.</P><P>I prefer doing NAT on the ASA.</P><P></P><P>Normally, you decide to do NAT on the device that has the public IP assigned.</P><P>If in this case, the router is having the public IP, I say NAT on the router.</P><P></P><P>The IPsec VPN clients still can connect to the ASA if you create a STATIC NAT translation to redirect VPN traffic to the ASA.</P><P>So, the VPN clients will actually connect to the public IP of the router, which will redirect the connection to the ASA.</P><P></P><P>If on the other hand, the ASA also has a public IP, so NAT on the ASA and terminate the VPNs on that IP.</P><P></P><P>Either way, you can't go wrong, as long as the equipment that you have support the amount of traffic and connections.</P><P></P><P>Federico.</P></BODY></HTML> Fri, 07 May 2010 13:36:58 GMT https://community.cisco.com/t5/network-security/nat-or-router-vs-asa/m-p/1504110#M733924 Federico Coto Fajardo 2010-05-07T13:36:58Z https://community.cisco.com/t5/network-security/nat-or-router-vs-asa/m-p/1504111#M733929 <HTML><HEAD></HEAD><BODY><P>I would prefer to use an ASA for the translations as they are designed and more efficient for it.</P><P>Routers can still do it as already suggested.</P><P></P><P>PK</P></BODY></HTML> Fri, 07 May 2010 15:06:40 GMT https://community.cisco.com/t5/network-security/nat-or-router-vs-asa/m-p/1504111#M733929 Panos Kampanakis 2010-05-07T15:06:40Z