Cisco Support Community

Double NATting

Hi Everybody,

I have 2 tiers of firewalls (Juniper and PIX); the PIX is sitting in the internal tier and my public DMZ is configured out of the PIX. My question: if I want to do bi-directional address translation on both firewalls (static NATting), would this cause any problem in the future? Or do you recommend disabling address translation on one of the firewalls?

I tried to run static NATting on both firewalls at the same time and my servers are being accessed with no problem, but I would like to confirm that this won't cause any problems in the future.

Thanks!

Haitham

1 REPLY

Re: Double NATting

Hello Haitham,

It shouldn't cause any problem (unless you hit a bug in the future, in which case you have to deal with two firewalls). The question is whether there is a real advantage in adding one extra level of NAT. I would say "NO". The disadvantages are that you have to deal with NAT components in both FWs, and there are extra processing cycles that could be reduced with a single NAT; besides, troubleshooting is a little more painful as you need to look at the NAT components on both FWs.

So, my personal preference would be to do NAT in one FW.

Thanks,

Mynul
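
The troubleshooting cost mentioned in the reply comes from having to read two static NAT tables together. The following is an added example, not part of the original thread: a small Python audit that composes the two tiers into end-to-end mappings and reports entries that do not line up. The function name, table layout and all addresses are constructed for illustration and are not taken from either firewall's configuration.

```python
import ipaddress
from collections import Counter

def _normalise(table):
    # Parse every address so a typo raises ValueError instead of
    # silently failing to match between the two tiers.
    return {ipaddress.ip_address(k): ipaddress.ip_address(v)
            for k, v in table.items()}

def audit_double_nat(outer, inner):
    """outer: public -> transit address (static NAT on the outer firewall)
    inner: transit -> real server address (static NAT on the inner firewall)
    Returns (end_to_end mapping, sorted list of findings)."""
    outer, inner = _normalise(outer), _normalise(inner)
    findings = []
    # Bi-directional static NAT only works if each tier is one-to-one.
    for tier, table in (("outer", outer), ("inner", inner)):
        for addr, count in Counter(table.values()).items():
            if count > 1:
                findings.append(f"{tier}: {count} entries translate to {addr}")
    end_to_end = {}
    for public, transit in outer.items():
        if transit in inner:
            end_to_end[str(public)] = str(inner[transit])
        else:
            # The outer tier forwards to an address the inner tier never translates.
            findings.append(f"outer: {public} -> {transit} has no inner entry")
    for transit in inner.keys() - set(outer.values()):
        # Possibly a stale entry left behind after a change on the outer tier.
        findings.append(f"inner: {transit} is not referenced by the outer tier")
    return end_to_end, sorted(findings)

# Constructed sample tables (documentation and private address ranges).
OUTER = {"203.0.113.10": "192.0.2.10",
         "203.0.113.11": "192.0.2.11",
         "203.0.113.12": "192.0.2.12"}
INNER = {"192.0.2.10": "10.1.1.10",
         "192.0.2.11": "10.1.1.11",
         "192.0.2.13": "10.1.1.13"}

if __name__ == "__main__":
    mapping, problems = audit_double_nat(OUTER, INNER)
    for public, real in mapping.items():
        print(f"{public} -> {real}")
    for line in problems:
        print("CHECK:", line)
```

With NAT done on a single firewall, as the reply prefers, there is only one table and this cross-check is not needed.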
