NAT: Where to implement it.

zappo0305 · ‎09-04-2011

Im planning to rollout NAT on our network.

Are there any best practices when comes to implement NAT?

and where is the best place to implement NAT: on the firewall or on the Internet router?

Cheers

Anu M Chacko · ‎09-04-2011

Hi,

You should implement NAT on the gateway device of your network. So, say, if your ISP connects to the firewall, you will should configure NAT on the firewall.

When you implement NAT, it would be best if you translate all your internal IP addresses to public IP addresses using NAT.

Here is a guide on how to implement NAT on an ASA:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_control.html

Let me know if you have more queries.

Regards,

Anu

zappo0305 · ‎09-04-2011

my gateway is the 4500 , the firewall sitting behind the 4500.

Would it be more secure implement NAT on the firewall?

I know the definition of NAT and how it works.

Any recommendations would be greatly appreciated.

Anu M Chacko · ‎09-04-2011

So your ISP connects to the 4500. Is there a specific reason why you have the 4500 outside and the firewall on the inside?

zappo0305 · ‎09-04-2011

Having an internal firewall to protect the internal network? and the 4500 to do routing?

ANy more tips any 1?

Anu M Chacko · ‎09-04-2011

I would suggest you put your firewall outside of the 4500 and configure NAT on the firewall. Or else, you can configure NAT on the 4500 but then, having or not having the firewall does not really make a difference.

sir.vegaskid · ‎09-04-2011

Hi,

is there any reason why you dont want to use the firewall as a router also? e.g. routing performance requirements? Most setups I see do have the router outside the firewall, else just a firewall.

Not sure what Anu means by his last comment as firewalls offer much more protection that just NAT. ACLs, packet inspection to name just two.