Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
864
Views
0
Helpful
3
Replies

Securing with NAT - Best Practice ?

superlubis
Level 1
Level 1

‎10-05-2013 08:12 AM - edited ‎03-11-2019 07:47 PM

Hi,

It is forbidden to do NAT Exempt from Internal to DMZ ?

I hear there is a compliance in banking that 2 server who needs to communicate but its forbidden to know each other ip address ?

How about NAT as second layer or firewall ?

What is best practice to secure enterprise network from NAT point of view ?

Thx

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎10-05-2013 10:44 AM

Hello Ibrahim,

No, not at all, that is not a restriction at all. You can do it if needed.

Now looks like in your enviroment is a requirement that this 2 servers communicate with each other but they will not know each other IP address.

Then NAT is your friend as will satisfy the requirement you are looking for.

Well I do not consider NAT to be a security measure as for me it does not perform any inspection, any rule set any policy ,etc but I can ensure you there are a lot of people that think about it as a security measure.

I see it as an IP service that allows us to preserve the IP address space.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

superlubis
Level 1
Level 1
In response to Julio Carvajal

‎10-05-2013 07:22 PM

Yes the same with me, and what i learn from CCNA or CCNP book is NAT is just for many local client accessing the internet and for translating ip private server to ip public server. Can i tighten up security with NAT ? whats is the best practice in cisco ?

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to superlubis

‎10-05-2013 11:48 PM

Hello,

And on the CCNA Track we also heard that NAT is for security purposes.

Again I dont think that way.

Can i tighten up security with NAT ? whats is the best practice in cisco ?

No, I mean what can you implement with NAT that will make your network more secure? Nothing.

You must think about content filtering, packet inspections, ACL, traffic encryption, Role based access, etc. Those kind of things that will make the network more secure

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card