JORGE RODRIGUEZ Fri, 09/25/2009 - 12:10
User Badges:
  • Green, 3000 points or more

One advantage is to hide your private IP scheme from external vendors connected to DMZ..


say your DMZ network is 172.16.1.0/24

and your inside is 192.168.1.0/24


DMZ vendor host 172.16.1.50 needs to access host on inside network 192.168.1.10 you can then use a 172.16.1.X address as NAT address for 192.168.1.10.. so DMZ will use 172.16.1.X to connect to 192.168.1.10 host.


luciano_rangel Fri, 09/25/2009 - 12:21
User Badges:

Excuse-me but did not mention that had this concept, we would like to know is if there is some other advantage such as attacks


Thanks for help

JORGE RODRIGUEZ Fri, 09/25/2009 - 12:42
User Badges:
  • Green, 3000 points or more

Luciano, in your original post you had asked What are the security advantages to make NAT between DMZ and inside?? I gave you an answer that is commonly use in DMZs..


but in your second post you are asking something different.. NAT is a function of address translation and nothing else, NAT does not save you from network attacks such ip spoofing or sync attacks.


If I still missunderstand your first and second question PLS correct me.


Regards


Actions

This Discussion