Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
314
Views
0
Helpful
2
Replies

Where to NAT?

DamianRC
Level 1
Level 1

‎09-23-2016 07:25 AM - edited ‎03-05-2019 07:07 AM

Hello.

I'm planning a Network re-design.

There will be a dual-homed internet connection(same carrier), terminating to ISR 4431s.

A pair of ASA 55xxs will sit behind the routers.

Palo Altos will reside the next layer in.

- Where is the ideal location for NAT to occur? I'm thinking the ASAs.

Advanced thanks for all advice.

Labels:
0 Helpful
2 Replies 2

Brandon Buffin
VIP Alumni
VIP Alumni

‎09-23-2016 11:48 AM

I have not come across a document recommending a best practice for NAT. However, the common practice is to NAT at the firewall. I would recommend that you stick with this practice. Using a common practice makes it easier to document, troubleshoot and hand off network management to another employee or provider should the need arise. Also, NAT fits in nicely with the security role of the ASA and allows the router to keep to its core role of terminating connections and routing packets.

Brandon

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎09-24-2016 02:00 AM

Hello,

It's advised from Cisco team to use NAT on ASA due to security.

Regards,

Deepak Kumar

www.deepuverma.in

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card