NAT OverLoad - Security concern

ronald.ramzy
Level 1

Hi,

Is this a secure NAT Overload configuration? What I mean is: "Nobody from the public network can access the private NATted box."

interface fa0/0

ip nat inside

interface s0/0

ip nat outside

! Extended ACLs take a wildcard mask, not a netmask; "host" matches only 192.168.1.100

access-list 100 permit ip host 192.168.1.100 any

ip nat inside source list 100 interface serial 0/0 overload


paolo bevilacqua
Hall of Fame

Correct, nobody from outside can access inside, all connections must be initiated from inside.

You can also use a standard ACL to the same effect.

pciaccio
Level 4

If the 192.168.1.100 is in the INSIDE then this is good....

Thanks

192.168.1.100 is the ISA Server IP. Will there be any performance impact using NAT Overload?

********

Is the following configuration secure (anyone from outside cannot initiate a connection)?

********Configuration ******************

****************************************

ip subnet-zero

ip domain lookup source-interface FastEthernet0/0

ip name-server 4.4.4.4

interface FastEthernet0/0

description Connected to ISP

ip address 10.10.10.66 255.255.255.224

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description Connection to LAN-Switch

ip address 192.168.1.100 255.255.255.0

ip accounting output-packets

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.10.65

ip route 172.20.16.0 255.255.255.0 192.168.1.1

no ip http server

no ip http secure-server

ip nat inside source static 192.168.1.101 10.10.10.68

ISA Server : 192.168.1.101

Public IP : 10.10.10.68

You have been told already that is ok.
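
The thread contains two kinds of translation: the "overload" rule in the first post and the "ip nat inside source static" line in the later configuration. The following is an added example, not code from any participant and not IOS itself: a simplified Python model of a NAT table showing when an inbound packet finds a translation in each case, plus how an extended-ACL wildcard mask matches. The class, function names, port allocator and port numbers are constructed for illustration; the addresses are the ones posted above.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS extended-ACL match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class NatModel:
    """Simplified NAT table; real entries also track the remote endpoint and expire."""

    def __init__(self, outside_ip, acl_base, acl_wildcard):
        self.outside_ip = outside_ip
        self.acl = (acl_base, acl_wildcard)   # source list used by "overload"
        self.static = {}                      # global IP -> local IP, always present
        self.dynamic = {}                     # (global IP, port) -> (local IP, port)
        self.next_port = 1024                 # constructed port allocator

    def add_static(self, local_ip, global_ip):
        """Model of: ip nat inside source static <local> <global>."""
        self.static[global_ip] = local_ip

    def outbound(self, src_ip, src_port):
        """Inside host opens a flow; returns the translated (ip, port) or None."""
        if not wildcard_match(src_ip, *self.acl):
            return None                       # source not selected for translation
        self.next_port += 1
        key = (self.outside_ip, self.next_port)
        self.dynamic[key] = (src_ip, src_port)
        return key

    def inbound(self, dst_ip, dst_port):
        """Outside packet arrives; returns the inside (ip, port) or None (no entry)."""
        if dst_ip in self.static:             # static entry needs no prior inside traffic
            return (self.static[dst_ip], dst_port)
        return self.dynamic.get((dst_ip, dst_port))

def demo():
    nat = NatModel("10.10.10.66", "192.168.1.100", "0.0.0.0")
    unsolicited = nat.inbound("10.10.10.66", 3389)   # nothing initiated from inside yet
    flow = nat.outbound("192.168.1.100", 50000)      # inside host starts a connection
    reply = nat.inbound(*flow)                       # return traffic finds the entry
    nat.add_static("192.168.1.101", "10.10.10.68")
    via_static = nat.inbound("10.10.10.68", 443)     # matches with no inside traffic
    return unsolicited, reply, via_static

if __name__ == "__main__":
    print(demo())
```

On a real router, an inbound ACL applied to the outside interface is what limits which ports reach a statically mapped host.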