You should implement NAT on the gateway device of your network. So, say, if your ISP connects to the firewall, you will should configure NAT on the firewall.
When you implement NAT, it would be best if you translate all your internal IP addresses to public IP addresses using NAT.
Here is a guide on how to implement NAT on an ASA:
Let me know if you have more queries.
my gateway is the 4500 , the firewall sitting behind the 4500.
Would it be more secure implement NAT on the firewall?
I know the definition of NAT and how it works.
Any recommendations would be greatly appreciated.
I would suggest you put your firewall outside of the 4500 and configure NAT on the firewall. Or else, you can configure NAT on the 4500 but then, having or not having the firewall does not really make a difference.
is there any reason why you dont want to use the firewall as a router also? e.g. routing performance requirements? Most setups I see do have the router outside the firewall, else just a firewall.
Not sure what Anu means by his last comment as firewalls offer much more protection that just NAT. ACLs, packet inspection to name just two.