NAT OverLoad - Security concern

Unanswered Question
Jul 4th, 2009

Hi,

Is this a secure NAT Overload configuration? What I mean is: "Nobody from the Public Network can access the private NATTED Box".

interface fa0/0
 ip nat inside
interface s0/0
 ip nat outside
access-list 100 permit ip 192.168.1.100 255.255.255.255 any
ip nat inside source list 100 interface serial 0/0 overload

Paolo Bevilacqua Sat, 07/04/2009 - 15:19

Correct, nobody from outside can access inside, all connections must be initiated from inside.

You can also use a standard ACL to the same effect.

pciaccio Sat, 07/04/2009 - 19:00

If the 192.168.1.100 is in the INSIDE then this is good....

ronald.ramzy Sat, 07/04/2009 - 21:40

Thanks

192.168.1.100 is the ISA Server IP. Will there be any performance impact using NAT OverLoad?

********

Is the following configuration secured (anyone from outside cannot initiate a connection)?

********Configuration ******************

****************************************

ip subnet-zero
ip domain lookup source-interface FastEthernet0/0
ip name-server 4.4.4.4
interface FastEthernet0/0
 description Connected to ISP
 ip address 10.10.10.66 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Connection to LAN-Switch
 ip address 192.168.1.100 255.255.255.0
 ip accounting output-packets
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.65
ip route 172.20.16.0 255.255.255.0 192.168.1.1
no ip http server
no ip http secure-server
ip nat inside source static 192.168.1.101 10.10.10.68

ISA Server : 192.168.1.101

Public IP : 10.10.10.68
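
An added example, not part of the original thread: a small Python audit run over the two configurations posted above (re-indented and trimmed to their NAT lines). It separates dynamic overload rules, whose translations are created only by inside-initiated traffic, from static one-to-one entries, which also translate connections opened from outside to the global address, and it flags an ACL wildcard mask that matches every source. The function name, finding codes and the inbound-ACL heuristic are assumptions of this example.

```python
import re

# Constructed inputs: the thread's two configs, re-indented, NAT-relevant lines only.
OVERLOAD_CFG = """\
interface fa0/0
 ip nat inside
interface s0/0
 ip nat outside
access-list 100 permit ip 192.168.1.100 255.255.255.255 any
ip nat inside source list 100 interface serial 0/0 overload
"""
STATIC_CFG = """\
interface FastEthernet0/0
 ip nat outside
interface FastEthernet0/1
 ip nat inside
ip nat inside source static 192.168.1.101 10.10.10.68
"""

def audit_nat(config):
    """Return (code, detail) findings for an IOS-style config (hypothetical helper)."""
    findings, iface, outside, filtered, statics = [], None, set(), set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif not raw.startswith(" "):
            iface = None  # any other unindented line is a global command
        if iface and line == "ip nat outside":
            outside.add(iface)
        elif iface and re.fullmatch(r"ip access-group \S+ in", line):
            filtered.add(iface)  # heuristic: an inbound ACL exists, contents not checked
        elif m := re.match(r"ip nat inside source static (.+)", line):
            statics.append(m.group(1))
        elif m := re.match(r"ip nat inside source list (\S+) .*overload$", line):
            findings.append(("PAT", f"list {m.group(1)}: entries created only by inside-initiated flows"))
        elif m := re.match(r"access-list (\d+) permit ip (\S+) 255\.255\.255\.255 ", line):
            # ACL masks are wildcard masks: 255.255.255.255 ignores every bit of the address.
            findings.append(("WILDCARD_ANY", f"ACL {m.group(1)} matches every source, not only {m.group(2)}"))
    unfiltered = sorted(outside - filtered)
    for entry in statics:
        if unfiltered:  # static NAT is bidirectional: outside hosts can open connections
            findings.append(("STATIC_UNFILTERED", f"{entry} reachable via {', '.join(unfiltered)}"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("overload", OVERLOAD_CFG), ("static", STATIC_CFG)):
        for code, detail in audit_nat(cfg):
            print(f"{name}: {code}: {detail}")
```

The inbound-ACL check only records that an access group is applied on the outside interface; whether that ACL actually restricts traffic to the static global address still has to be reviewed by hand.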
