Cisco Support Community

Pool ips publics ?

Hello, my ISP delivered a public address pool to me (a pool of 8 IPs). But I've always published all my services (mail, FTP, web, etc.) on a single public IP. My question is: what benefits would I obtain if I used NAT to publish each service on a different public IP, as most companies do? Thank you.

1 ACCEPTED SOLUTION


Hello Anthony,

It depends: do you have all those services running on a single box (which is not a good security practice)? If you do, then you will prefer to have only one public IP used. But if those services reside on different boxes, then it's better to have them NATted on different static public IPs. The reason behind that, I feel, is to reduce the overhead on the router.

I think of it this way: if traffic inbound to your FTP site comes in, then the router has to translate that request based on the port number. Assuming that the traffic hits the same public IP with multiple services on it, then it has to go through each NAT rule line to determine which inside private IP to translate to, based on the destination port. But if you were to NAT with different IPs, then it becomes fairly simple for the router to determine.

Hope this helps.

Vivek
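The two layouts discussed in this thread, written as a Cisco IOS configuration fragment. This is an added example, not part of the original posts; the addresses (203.0.113.0/29 for the ISP block, 192.168.1.0/24 inside), the interface names and the server-to-service assignment are assumptions.

```cisco
! Constructed addressing: 203.0.113.0/29 stands in for the ISP's 8-address block,
! 192.168.1.0/24 for the inside LAN. Interface names are hypothetical.
interface GigabitEthernet0/0
 description Outside, towards the ISP
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/1
 description Inside LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Option A: every service published on the one public IP.
! Each static PAT entry is keyed on the destination port.
ip nat inside source static tcp 192.168.1.10 25 203.0.113.2 25
ip nat inside source static tcp 192.168.1.11 21 203.0.113.2 21
ip nat inside source static tcp 192.168.1.12 80 203.0.113.2 80
!
! Option B (use instead of A): one public IP per server, still limited to the
! published port, so nothing else on the server is reachable from outside.
ip nat inside source static tcp 192.168.1.10 25 203.0.113.3 25
ip nat inside source static tcp 192.168.1.11 21 203.0.113.4 21
ip nat inside source static tcp 192.168.1.12 80 203.0.113.5 80
!
! A full one-to-one entry such as
!   ip nat inside source static 192.168.1.10 203.0.113.3
! translates every port to that server, so it needs an inbound filter
! on the outside interface to keep exposure to the intended service.
```

After applying either option, `show ip nat translations` lists the static entries so you can confirm that only the intended address and port pairs are published.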
