Cisco Community
English
Register
Cisco Community Events are getting a new name! LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1947
Views
0
Helpful
4
Replies
iantra123
iantra123 Explorer
Explorer
‎02-15-2019 12:19 AM
‎02-15-2019 12:19 AM

How to secure Static NAT translation

Hi all,

Is it possible to secure inbound and outbound of a static nat?

The case is following :

There is an public address A, then a public address B, then a private adress C.

The adress A is the front End to internet, then there is a static nat for B to C.

Thus I want to secure the nat on the B so that not all traffic are permited to or from C.

 

Regards,

Antra

0 Helpful
Reply
4 REPLIES 4
Kasun Bandara
Kasun Bandara Enthusiast
Enthusiast
‎02-15-2019 12:54 AM
‎02-15-2019 12:54 AM

Re: How to secure Static NAT translation

are you using PAT in this case for any specific services? or static NAT which maps all ports to internal IP?
0 Helpful
Reply
Georg Pauwen
VIP Mentor Georg Pauwen VIP Mentor
VIP Mentor
‎02-15-2019 01:05 AM
‎02-15-2019 01:05 AM

Re: How to secure Static NAT translation

Hello,

 

--> Thus I want to secure the nat on the B so that not all traffic are permited to or from C.

 

Static NAT takes precedence, so as long as there is a static mapping, all traffic for C will use that entry.

 

What exactly do you mean by 'securing the NAT' ? What traffc do you NOT want to reach C ?

0 Helpful
Reply
iantra123
iantra123 Explorer
Explorer
‎02-15-2019 03:05 AM
‎02-15-2019 03:05 AM

Re: How to secure Static NAT translation

Hello,

Static nat 1:1 goes directly to an IP address (a host), so i want to have a way to create an ACL. for this 1:1 nat.

Because the public adress B that is used for the nat is not tied to any interface.

Regards

0 Helpful
Reply
Jon Marshall
Hall of Fame Guru Jon Marshall Hall of Fame Guru
Hall of Fame Guru
‎02-15-2019 01:26 AM
‎02-15-2019 01:26 AM

Re: How to secure Static NAT translation

 

Use an acl, NAT should not be used to secure traffic. 

 

Jon

0 Helpful
Reply
Latest Contents
5 Minute Network Operations Survey
Created by jenchen3 on 09-18-2019 12:04 PM
0
0
0
0
Inviting all network professionals in operations! We'd like to understand what would be valuable for you in a mobile application. Your response will help Cisco improve a product feature that could benefit you. Thanks!  Click here to take the sur... view more
SD-WAN Controller Setup Guide (On-Prem, Non Cloud-Managed)
Created by hadhaliw on 09-16-2019 10:47 AM
0
5
0
5
Benefits Cisco’s software-defined wide area network (SD-WAN) solution allows user to quickly and seamlessly establish an overlay fabric to connect an enterprise’s data centers, branch and campus locations, as well as colocation facilities in order to imp... view more
How to get member id of Cisco DNAC for Cloud Canary Upgrade
Created by pbagga on 09-13-2019 01:37 PM
0
5
0
5
1. Log into CLI of DNAC:  ssh maglev@< DNAC appliance IP> -p 2222 2. Run this curl command to get token to get member id: curl -X POST -u admin:<admin user password> -H -V https://<CLUSTER-IP>/api/system/v1/identitymgmt/token Not... view more
16.12.2 Beta Release for Catalyst Switches
Created by okumar on 09-12-2019 10:27 PM
0
0
0
0
Enterprise Switching Business Unit is glad to announce Beta release 16.12.2 for all Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms. This release is made available to allow users to test, evaluate and share fee... view more
Cisco SD-Access Deployment Best Practices - Transit Control ...
Created by Karthik Kumar Thatikonda on 09-11-2019 04:04 PM
0
0
0
0
Purpose of the document This document describes the general recommendations or best practices when designing and deploying the Cisco SD-Access technology. The document assumes that the reader has a general overview of Cisco's SD-Access for Distributed C... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
July's Community Spotlight Awards