Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
530
Views
0
Helpful
1
Replies

Double Nat Best Practice

jtphilies
Level 1
Level 1

‎06-29-2009 09:58 PM - edited ‎03-11-2019 08:49 AM

Hey pros!

i wanted to get your opinion on best practice scenario.

I want to Nat and Pat a server in our LAN to be accessible on the Internet.

configuration:

LAN |FW| DMZ |FW| Internet

now cos the server is in the lan and i want to NAT it for the internet.

Do i,

a) Nat it on the first inside FW to the DMZ then Nat it again on the 2nd outside FW?

b) Nat it on the inside FW to the Internet only?

c) Only Nat it on the outside FW to the Internet?

Note: our Public Addressing is viewable from DMZ also, hence why i have the option of Natting from either.

hope this makes sense

Labels:
0 Helpful
1 Reply 1

Collin Clark
VIP Alumni
VIP Alumni

‎06-30-2009 05:05 AM

Personally, I would NAT on the outside FW. Your decision should be base on your security policy. Are you allowed to route between the DMZ and the inside? If not, then option A above.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card