Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
588
Views
0
Helpful
1
Replies

Double Nat Best Practice

jtphilies
Level 1
Level 1

‎06-29-2009 09:58 PM - edited ‎03-11-2019 08:49 AM

Hey pros!

i wanted to get your opinion on best practice scenario.

I want to Nat and Pat a server in our LAN to be accessible on the Internet.

configuration:

LAN |FW| DMZ |FW| Internet

now cos the server is in the lan and i want to NAT it for the internet.

Do i,

a) Nat it on the first inside FW to the DMZ then Nat it again on the 2nd outside FW?

b) Nat it on the inside FW to the Internet only?

c) Only Nat it on the outside FW to the Internet?

Note: our Public Addressing is viewable from DMZ also, hence why i have the option of Natting from either.

hope this makes sense

Labels:
0 Helpful
1 Reply 1

Collin Clark
VIP Alumni
VIP Alumni

‎06-30-2009 05:05 AM

Personally, I would NAT on the outside FW. Your decision should be base on your security policy. Are you allowed to route between the DMZ and the inside? If not, then option A above.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card