cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
977
Views
0
Helpful
3
Replies

Securing with NAT - Best Practice ?

superlubis
Level 1
Level 1

Hi,

It is forbidden to do NAT Exempt from Internal to DMZ ?

I hear there is a compliance in banking that 2 server who needs to communicate but its forbidden to know each other ip address ?

How about NAT as second layer or firewall ?

What is best practice to secure enterprise network from NAT point of view ?

Thx

3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Ibrahim,

No, not at all, that is not a restriction at all. You can do it if needed.

Now looks like in your enviroment is a requirement that this 2 servers communicate with each other but they will not know each other IP address.

Then NAT is your friend as will satisfy the requirement you are looking for.

Well I do not consider NAT to be a security measure as for me it does not perform any inspection, any rule set any policy ,etc but I can ensure you there are a lot of people that think about it as a security measure.

I see it as an IP service that allows us to preserve the IP address space.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Yes the same with me, and what i learn from CCNA or CCNP book is NAT is just for many local client accessing the internet and for translating ip private server to ip public server. Can i tighten up security with NAT ? whats is the best practice in cisco ?

Hello,

And on the CCNA Track we also heard that NAT is for security purposes.

Again I dont think that way.

Can i tighten up security with NAT ? whats is the best practice in cisco ?

No, I mean what can you implement with NAT that will make your network more secure? Nothing.

You must think about content filtering, packet inspections, ACL, traffic encryption, Role based access, etc. Those kind of things that will make the network more secure

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Review Cisco Networking for a $25 gift card