09-23-2016 07:25 AM - edited 03-05-2019 07:07 AM
Hello.
I'm planning a Network re-design.
There will be a dual-homed internet connection(same carrier), terminating to ISR 4431s.
A pair of ASA 55xxs will sit behind the routers.
Palo Altos will reside the next layer in.
- Where is the ideal location for NAT to occur? I'm thinking the ASAs.
Advanced thanks for all advice.
09-23-2016 11:48 AM
I have not come across a document recommending a best practice for NAT. However, the common practice is to NAT at the firewall. I would recommend that you stick with this practice. Using a common practice makes it easier to document, troubleshoot and hand off network management to another employee or provider should the need arise. Also, NAT fits in nicely with the security role of the ASA and allows the router to keep to its core role of terminating connections and routing packets.
Brandon
09-24-2016 02:00 AM
Hello,
It's advised from Cisco team to use NAT on ASA due to security.
Regards,
Deepak Kumar
www.deepuverma.in
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: