Double Nat Best Practice

Unanswered Question
Jun 29th, 2009
User Badges:

Hey pros!

i wanted to get your opinion on best practice scenario.

I want to Nat and Pat a server in our LAN to be accessible on the Internet.


LAN |FW| DMZ |FW| Internet

now cos the server is in the lan and i want to NAT it for the internet.

Do i,

a) Nat it on the first inside FW to the DMZ then Nat it again on the 2nd outside FW?

b) Nat it on the inside FW to the Internet only?

c) Only Nat it on the outside FW to the Internet?

Note: our Public Addressing is viewable from DMZ also, hence why i have the option of Natting from either.

hope this makes sense

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Tue, 06/30/2009 - 05:05
User Badges:
  • Purple, 4500 points or more

Personally, I would NAT on the outside FW. Your decision should be base on your security policy. Are you allowed to route between the DMZ and the inside? If not, then option A above.


This Discussion