Re: How to secure Static NAT translation

iantra123 · ‎02-15-2019

Hi all,

Is it possible to secure inbound and outbound of a static nat?

The case is following :

There is an public address A, then a public address B, then a private adress C.

The adress A is the front End to internet, then there is a static nat for B to C.

Thus I want to secure the nat on the B so that not all traffic are permited to or from C.

Regards,

Antra

Kasun Bandara · ‎02-15-2019

are you using PAT in this case for any specific services? or static NAT which maps all ports to internal IP?

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Georg Pauwen · ‎02-15-2019

Hello,

--> Thus I want to secure the nat on the B so that not all traffic are permited to or from C.

Static NAT takes precedence, so as long as there is a static mapping, all traffic for C will use that entry.

What exactly do you mean by 'securing the NAT' ? What traffc do you NOT want to reach C ?

iantra123 · ‎02-15-2019

Hello,

Static nat 1:1 goes directly to an IP address (a host), so i want to have a way to create an ACL. for this 1:1 nat.

Because the public adress B that is used for the nat is not tied to any interface.

Regards

Jon Marshall · ‎02-15-2019

Use an acl, NAT should not be used to secure traffic.

Jon