Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
441
Views
2
Helpful
4
Replies

NGFW and ISR router - NAT and Routing

Patts
Level 1
Level 1

‎07-13-2023 08:10 PM

hi,

the current deployment i have is the NGFW which is in routed mode so i can use as gateway for all inside subnets. it connects to the ISR router before its connect to the public internet (connection between NGFW and ISR router still private network). my question is can i still use the NGFW for my NAT when connecting to internet, how about the Router need to do NAT again since it is the one connected to the public ip?

best practice - where to do NAT, Policy

regards,

pat

Preview file
52 KB
0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

‎07-13-2023 08:20 PM

Hi @Patts 

 The NAT for internet access should be placed on the router as it has the public IP address. If you do the NAT on the firewall for internet, you need double NAT as the network between firewall and ISR can not go out to the internet. 

 It is not a problem to have double NAT like this but surelly it will be more configuration,  more failing points and uncecessary processing.

Patts
Level 1
Level 1
In response to Flavio Miranda

‎07-13-2023 08:26 PM

thanks Flavio, i will consider just to do all the NAT in the router.

cheers!

pat

0 Helpful

Flavio Miranda
VIP
VIP
In response to Patts

‎07-13-2023 08:28 PM

Sounds like a plan.

You may find reason to place NAT in the firewall for some specific situation for internal network. But for internet,  I would also go with the router.

MHM Cisco World
VIP
VIP

‎07-14-2023 02:55 AM

Sure ypu can and it prefer to config NATing in Router not in FW.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card