Cisco Support Community

New Member

NAT OverLoad - Security concern

Hi,

Is this a secure NAT Overload configuration? What I mean is: "Nobody from the public network can access the private NATted box."

interface fa0/0
 ip nat inside
interface s0/0
 ip nat outside
! wildcard mask 0.0.0.0 matches only 192.168.1.100 (255.255.255.255 would match any source)
access-list 100 permit ip 192.168.1.100 0.0.0.0 any
ip nat inside source list 100 interface serial 0/0 overload

4 REPLIES
Hall of Fame Super Gold

Re: NAT OverLoad - Security concern

Correct, nobody from outside can access inside, all connections must be initiated from inside.

You can also use a standard ACL to the same effect.

Silver

Re: NAT OverLoad - Security concern

If the 192.168.1.100 is in the INSIDE then this is good....

New Member

Re: NAT OverLoad - Security concern

Thanks

192.168.1.100 is the ISA Server IP. Will there be any performance impact using NAT Overload?

********

Is the following configuration secure (anyone from outside cannot initiate a connection)?

******** Configuration ********

ip subnet-zero
ip domain lookup source-interface FastEthernet0/0
ip name-server 4.4.4.4
interface FastEthernet0/0
 description Connected to ISP
 ip address 10.10.10.66 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Connection to LAN-Switch
 ip address 192.168.1.100 255.255.255.0
 ip accounting output-packets
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.65
ip route 172.20.16.0 255.255.255.0 192.168.1.1
no ip http server
no ip http secure-server
ip nat inside source static 192.168.1.101 10.10.10.68

ISA Server : 192.168.1.101

Public IP : 10.10.10.68

Hall of Fame Super Gold

Re: NAT OverLoad - Security concern

You have been told already that is ok.
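
The two configurations in this thread use different NAT rule types, and the following simplified model (an added example, not code from any poster or from Cisco) shows how each treats a connection that starts on the outside: an `overload` entry exists only after an inside host has opened a flow, while an `ip nat inside source static` entry is permanent and translates in both directions. The class, the function names, the 203.0.113.1 outside address for the first post and the 198.51.100.x remote hosts are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    outside_ip: str                                  # address of the "ip nat outside" interface
    pat_sources: set = field(default_factory=set)    # inside hosts matched by the overload ACL
    static: dict = field(default_factory=dict)       # inside local -> inside global (static NAT)
    pat: dict = field(default_factory=dict)          # (proto, global port) -> (ip, port, remote)
    next_port: int = 1024

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside. Returns the translated source, or None if no NAT rule applies."""
        if src_ip in self.static:
            return (self.static[src_ip], src_port)
        if src_ip not in self.pat_sources:
            return None
        port, self.next_port = self.next_port, self.next_port + 1
        # The dynamic entry is created here, by the inside host's own traffic.
        self.pat[(proto, port)] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.outside_ip, port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside. Returns the inside (ip, port) it is forwarded to, or None."""
        for local, global_ip in self.static.items():
            if dst_ip == global_ip:
                return (local, dst_port)             # static entry: always present
        entry = self.pat.get((proto, dst_port))
        if dst_ip == self.outside_ip and entry and entry[2] == (src_ip, src_port):
            return entry[:2]                         # reply to a flow opened from inside
        return None                                  # no translation: nothing to forward inside

def first_post():
    # Constructed from the first post: overload (PAT) for 192.168.1.100 only.
    return NatRouter(outside_ip="203.0.113.1", pat_sources={"192.168.1.100"})

def second_post():
    # Constructed from the second post: static 192.168.1.101 <-> 10.10.10.68, no overload rule.
    return NatRouter(outside_ip="10.10.10.66", static={"192.168.1.101": "10.10.10.68"})
```

With a static mapping, what outside hosts may reach on the global address is decided by an inbound ACL or firewall policy on the outside interface, not by NAT.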
