10-05-2013 08:12 AM - edited 03-11-2019 07:47 PM
Hi,
Is it forbidden to do NAT Exempt from Internal to DMZ?
I hear there is a compliance requirement in banking that 2 servers need to communicate but it's forbidden for them to know each other's IP address?
How about NAT as a second layer or firewall?
What is the best practice to secure an enterprise network from a NAT point of view?
Thx
10-05-2013 10:44 AM
Hello Ibrahim,
No, not at all, that is not a restriction at all. You can do it if needed.
Now, it looks like in your environment there is a requirement that these 2 servers communicate with each other but not know each other's IP address.
Then NAT is your friend, as it will satisfy the requirement you are looking for.
Well, I do not consider NAT to be a security measure, as for me it does not perform any inspection, any rule set, any policy, etc., but I can assure you there are a lot of people who think of it as a security measure.
I see it as an IP service that allows us to preserve the IP address space.
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
For any questions, contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
10-05-2013 07:22 PM
Yes, the same with me, and what I learned from the CCNA or CCNP books is that NAT is just for many local clients accessing the internet and for translating a private server IP to a public server IP. Can I tighten up security with NAT? What is the best practice in Cisco?
10-05-2013 11:48 PM
Hello,
And on the CCNA Track we also heard that NAT is for security purposes.
Again, I don't think that way.
Can I tighten up security with NAT? What is the best practice in Cisco?
No, I mean what can you implement with NAT that will make your network more secure? Nothing.
You must think about content filtering, packet inspection, ACLs, traffic encryption, role-based access, etc. Those are the kinds of things that will make the network more secure.
Cheers,
Julio Carvajal Segura