cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
222
Views
0
Helpful
2
Replies

Where to NAT?

DamianRC
Level 1
Level 1

Hello.

I'm planning a Network re-design.

There will be a dual-homed internet connection(same carrier), terminating to ISR 4431s.

A pair of ASA 55xxs will sit behind the routers.

Palo Altos will reside the next layer in.

- Where is the ideal location for NAT to occur? I'm thinking the ASAs.

Advanced thanks for all advice.

2 Replies 2

Brandon Buffin
VIP Alumni
VIP Alumni

I have not come across a document recommending a best practice for NAT. However, the common practice is to NAT at the firewall. I would recommend that you stick with this practice. Using a common practice makes it easier to document, troubleshoot and hand off network management to another employee or provider should the need arise. Also, NAT fits in nicely with the security role of the ASA and allows the router to keep to its core role of terminating connections and routing packets.

Brandon

Deepak Kumar
VIP Alumni
VIP Alumni

Hello,

It's advised from Cisco team to use NAT on ASA due to security.

Regards,

Deepak Kumar

www.deepuverma.in

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco