Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
485
Views
0
Helpful
1
Replies

Where best to NAT for DMVPN Internet connection

carl_townshend
Spotlight
Spotlight

‎01-15-2018 01:15 AM - edited ‎03-05-2019 09:46 AM

Hi All

We are currently working on a site which will connect to our IWAN, using MPLS and and Internet connection.

Most the sites will have the firewall and NAT running on the Internet router.

However on one site, we have some firewalls sitting behind these routers.

What would be the best option, just do NAT on the Cisco Internet router only, or use the firewalls behind and do double NAT so on the firewall and router

cheers

 

Labels:
0 Helpful
1 Reply 1

ghostinthenet
Level 7
Level 7

‎01-22-2018 11:18 AM

Personally, I'm never a fan of double-NAT. It introduces additional management overhead and additional troubleshooting requirements. If possible, I would run the firewalls in parallel with the DMVPN router, using the DMVPN router as the default gateway and redirecting traffic to the firewalls as required. Of course, that's based only on the information provided and with no understanding of the underlying business and technical requirements. With more information, I could probably provide better advice.

0 Helpful
Customers Also Viewed These Support Documents