06-10-2006 06:31 AM - edited 03-03-2019 12:57 PM
Hi,
I am currently looking at implementing NAT on a device for my clients, but do not know where the best place to implement NAT is. Currently they have a LAN with a firewall connecting to a router. What are the advantages and disadvantages of implementing NAT on the firewall or NAT on the router? Could anyone advise?
LAN ----> Firewall -----> Router ----> Internet ---->
06-10-2006 06:35 AM
My first thought would be about memory and CPU?
It really depends on the amount of traffic you are translating and what kind of devices you have.
You can have a really powerful firewall doing all the job for you while you have a 2500 as a router doing basic routing,
or you can have a powerful router doing NAT, and basic firewall hardware.
Vlad
From a Cisco book: "Theoretically, there is no limit on the number of mappings that the NAT table can hold. Practically, memory and CPU or the boundaries of the available addresses or ports place a limit on the number of entries. Each NAT mapping uses approximately 160 bytes of memory"
06-10-2006 06:43 AM
Hi Vlad,
Thank you for your quick response. I'm using a high end firewall with 1G of RAM and 3.0GHz CPU. And I am using 2821XM for my router. There is neither a performance issue on my firewall nor router since there are not many users on my network, less than 200 if I am correct. The external connection is an E1 leased line. Are there any other considerations?
Alan
06-10-2006 06:53 AM
Not an expert on this subject, just adding my 2 cents.
I'd look at both devices and check which of them has more free resources at the moment.
What else are you doing? VPN? What kind of routing protocol are you using? BGP? This could make things worse for the firewall or router.
So, try show process cpu and show memory and check which is more loaded.
Hope this helps a bit,
I'd appreciate it if you consider rating these posts.
vlad
06-10-2006 09:14 PM
Hi Vlad,
Thanks for the advice. At the moment, the firewall only performs a job as a firewall and the router performs only static routing function.
06-10-2006 07:42 AM
Do you have any server or server farm in your network which you want to allow access to from the Internet...?
Regards
Devang
06-10-2006 09:11 PM
Hi Devang,
We do not have any server farms which we allow access to the Internet.
06-11-2006 02:13 AM
Then you can have NATing at the router or at the firewall... but if you enable NATing on the firewall then you need to configure bridging for the router... which requires some more configuration... so I think your router is also good, so you can configure NATing on the router...
Hope this helps
Rate this post if it helps
Regards
Devang
06-11-2006 01:23 AM
Based off of the info provided, the best place to implement NAT is on the firewall. Bridge the router if you can and do all your NATs at the firewall.
06-11-2006 08:56 AM
Yes it is... but as you said, you have to bridge the router... and it's true, as the firewall is a special security device, so it's better to implement NAT there...
Regards
Devang