Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Double Nat Best Practice

Hey pros!

i wanted to get your opinion on best practice scenario.

I want to Nat and Pat a server in our LAN to be accessible on the Internet.

configuration:

LAN |FW| DMZ |FW| Internet

now cos the server is in the lan and i want to NAT it for the internet.

Do i,

a) Nat it on the first inside FW to the DMZ then Nat it again on the 2nd outside FW?

b) Nat it on the inside FW to the Internet only?

c) Only Nat it on the outside FW to the Internet?

Note: our Public Addressing is viewable from DMZ also, hence why i have the option of Natting from either.

hope this makes sense

1 REPLY

Re: Double Nat Best Practice

Personally, I would NAT on the outside FW. Your decision should be base on your security policy. Are you allowed to route between the DMZ and the inside? If not, then option A above.

208
Views
0
Helpful
1
Replies
CreatePlease login to create content