02-26-2013 06:17 AM - last edited on 03-25-2019 05:50 PM by ciscomoderator
I know that we´ll survive after this change, but what you first impression about this new model?
In my opinion, more disadvantages than advantages.
Advantages:
Disadvantages:
02-26-2013 06:36 AM
Hi,
I was first against the NAT change and there are still things that are not etched in my memory.
I do agree with all the points you made.
I dont personally like the amount of configurations some NAT configurations generate. Its also alot more things involved to determine a simple Static NAT configuration or any other NAT for that matter (all to some degree ofcourse depends on how you have built your configuration)
I do find though that the new NAT format gives some possibilities to play around with how traffic is forwarded. This either wasnt available with the older softwares or I just even tried it back then. Reading these forums and testing out peoples NAT setups has introduced myself to some pretty special looking implementations and that is always chance to learn something new and perhaps implement them in your own configurations.
Now after several months of configuring the new (post 8.3 software) NAT configuration I have become quite used to them. Though it naturally helps when I have to migrate around 200-250 firewalls from 8.2 to the newer softwares It kinda sticks on you eventually
I think the key is to testing out the NAT setup by yourself and not blindly trusting the ASA to do it for you (if you are letting the ASA migrate the configuration) There is also usually minor ways to optimize the NAT configuration and make it easier to read. Key is to plan ahead and for example come up with a good naming policy on the ASA intefaces and object/object-group names.
Some of my tips regarding NAT would be
MIght add something more but those are the ones that come to mind fast.
- Jouni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide