
NAT

mafriedman
Level 1

We are in the process of replacing our 3Com Access builder (dial-in) system with a Cisco PIX 515e.

Currently, we have a 350+ node IP-based WAN with fixed IP addresses. It works well. But our addressing scheme does not currently utilize IANA reserved addresses. We have numerous offices linked by dedicated line. We are running NT4.0 servers and also have several distinct domains with no trusted Domains. A future plan is to consolidate Domains prior to migrating to Windows 2000.

We have no immediate plans to allow direct Internet access from our WAN, although it is certainly a future likelihood that we will modify our topology to permit direct workstation access. However, this is several years away.

Several questions come to mind and we have been getting different answers from different "experts."

Does it make sense to convert our internal IP addressing to one of the private address blocks (i.e., 10.xxx.xxx.xxx) or go with NAT? What are the concerns and issues associated with each? Is security a problem or advantage when using NAT?

Are we required to go forward with changing the internal IP addressing of our internal WAN to a private address scheme if we are to use the Cisco PIX firewall?

Thanks for your help...

Mark

2 Replies

Gilles Dufour
Cisco Employee

There is no need to change your current IP addressing scheme in order to use the PIX.

NAT alone is not enough to secure a network.

But it is a plus to have it.

I would say that if you don't want to change your IP addressing scheme and don't see any reason to do it, then don't do it.

People would usually change it to a private IP address scheme in order to save/find more public addresses.

Thanks for your reply.

The problem I have is that some people will be accessing the PIX via the Internet. Let's say the host dials in. He has a private IP address of 10.xxx.xxx.xxx and the server he is trying to access within our internal intranet has an address of 130.xxx.xxx.xxx. How will the host be able to find the server? The individual who is setting the system up claims that the Server and all of our interior LANs must utilize private addresses for the Internet-based VPN hosts to locate the Servers and peripherals within the interior LAN. Thus, we need to redo the IP addresses throughout our entire operation. If this is not the case, I'll need to explain why and how we can get around the need to redo the addresses.

Again, thanks for your help....
