https://community.cisco.com/t5/network-security/regarding-hide-nat-pat/m-p/1122039#M878206 <HTML><HEAD></HEAD><BODY><P>This depends on if you hhave a static NAT or PAT or a global NAT/PAT. Read the below link will all relevant information:-</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml</A></P><P></P><P></P></BODY></HTML> Fri, 02 Jan 2009 12:59:04 GMT andrew.prince 2009-01-02T12:59:04Z https://community.cisco.com/t5/network-security/regarding-hide-nat-pat/m-p/1122038#M878205 <P>Dear Team,</P><P></P><P>Whether doing Hide NAT(Hide behind IP or Hide behind Gateway) will automatically add two rules in the rulebase.</P><P></P><P>For example If someone from internal network want to access external public IP</P><P></P><P>Internal Network 10.10.10.1/24</P><P></P><P>External IP:- 1.1.1.1(Public IP)</P><P></P><P>NAT IP:- 2.2.2.2</P><P></P><P>Now when the internal network accesses the public IP it will get Hide NATed to the public IP 2.2.2.2--</P><P></P><P>Will that mean the one more rulebase will get created automatically(because of Hide NAT) which will mean that the external IP (1.1.1.1) can access 2.2.2.2 and then this 2.2.2.2 IP will get NATed to 10.10.10.1</P><P></P><P>Am I correct?</P><P></P><P>If yes then will that mean that at a time either internal network can access external IP OR external IP can access internal network.</P> Mon, 11 Mar 2019 14:31:42 GMT https://community.cisco.com/t5/network-security/regarding-hide-nat-pat/m-p/1122038#M878205 palsukh2002 2019-03-11T14:31:42Z https://community.cisco.com/t5/network-security/regarding-hide-nat-pat/m-p/1122039#M878206 <HTML><HEAD></HEAD><BODY><P>This depends on if you hhave a static NAT or PAT or a global NAT/PAT. Read the below link will all relevant information:-</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml</A></P><P></P><P></P></BODY></HTML> Fri, 02 Jan 2009 12:59:04 GMT https://community.cisco.com/t5/network-security/regarding-hide-nat-pat/m-p/1122039#M878206 andrew.prince 2009-01-02T12:59:04Z https://community.cisco.com/t5/network-security/regarding-hide-nat-pat/m-p/1122040#M878207 <HTML><HEAD></HEAD><BODY><P>With Checkpoint:</P><P></P><P>NAT is independent with security rules. You </P><P>need to define both "hide" NAT and add security</P><P>rules for inside to get to outside. Most </P><P>security folks prefer it this way. Always</P><P>deny unless explicitly allow.</P><P></P><P>With Cisco:</P><P></P><P>by default, inside is allowed to traverse to</P><P>outside unless explicitly deny. This is very</P><P>insecure.</P><P></P><P>Either way, with Cisco, once you define </P><P>PAT/NAT, inside hosts can communicate</P><P>with outside hosts, by default, unless </P><P>explicitly denies.</P><P></P><P>Easy right?</P></BODY></HTML> Fri, 02 Jan 2009 14:17:28 GMT https://community.cisco.com/t5/network-security/regarding-hide-nat-pat/m-p/1122040#M878207 cisco24x7 2009-01-02T14:17:28Z