09-04-2011 10:05 AM - edited 03-11-2019 02:20 PM
Im planning to rollout NAT on our network.
Are there any best practices when comes to implement NAT?
and where is the best place to implement NAT: on the firewall or on the Internet router?
Cheers
09-04-2011 10:41 AM
Hi,
You should implement NAT on the gateway device of your network. So, say, if your ISP connects to the firewall, you will should configure NAT on the firewall.
When you implement NAT, it would be best if you translate all your internal IP addresses to public IP addresses using NAT.
Here is a guide on how to implement NAT on an ASA:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_control.html
Let me know if you have more queries.
Regards,
Anu
09-04-2011 10:49 AM
my gateway is the 4500 , the firewall sitting behind the 4500.
Would it be more secure implement NAT on the firewall?
I know the definition of NAT and how it works.
Any recommendations would be greatly appreciated.
09-04-2011 10:56 AM
So your ISP connects to the 4500. Is there a specific reason why you have the 4500 outside and the firewall on the inside?
09-04-2011 11:02 AM
Having an internal firewall to protect the internal network? and the 4500 to do routing?
ANy more tips any 1?
09-04-2011 11:09 AM
I would suggest you put your firewall outside of the 4500 and configure NAT on the firewall. Or else, you can configure NAT on the 4500 but then, having or not having the firewall does not really make a difference.
09-04-2011 12:39 PM
Hi,
is there any reason why you dont want to use the firewall as a router also? e.g. routing performance requirements? Most setups I see do have the router outside the firewall, else just a firewall.
Not sure what Anu means by his last comment as firewalls offer much more protection that just NAT. ACLs, packet inspection to name just two.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide