Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Regarding Hide NAT(PAT)

Dear Team,

Whether doing Hide NAT(Hide behind IP or Hide behind Gateway) will automatically add two rules in the rulebase.

For example If someone from internal network want to access external public IP

Internal Network 10.10.10.1/24

External IP:- 1.1.1.1(Public IP)

NAT IP:- 2.2.2.2

Now when the internal network accesses the public IP it will get Hide NATed to the public IP 2.2.2.2--

Will that mean the one more rulebase will get created automatically(because of Hide NAT) which will mean that the external IP (1.1.1.1) can access 2.2.2.2 and then this 2.2.2.2 IP will get NATed to 10.10.10.1

Am I correct?

If yes then will that mean that at a time either internal network can access external IP OR external IP can access internal network.

2 REPLIES

Re: Regarding Hide NAT(PAT)

This depends on if you hhave a static NAT or PAT or a global NAT/PAT. Read the below link will all relevant information:-

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml

Silver

Re: Regarding Hide NAT(PAT)

With Checkpoint:

NAT is independent with security rules. You

need to define both "hide" NAT and add security

rules for inside to get to outside. Most

security folks prefer it this way. Always

deny unless explicitly allow.

With Cisco:

by default, inside is allowed to traverse to

outside unless explicitly deny. This is very

insecure.

Either way, with Cisco, once you define

PAT/NAT, inside hosts can communicate

with outside hosts, by default, unless

explicitly denies.

Easy right?

601
Views
0
Helpful
2
Replies