perhaps better than nat with enough IPs

Discussion in 'Cisco' started by Brian Bergin, Nov 11, 2003.

  1. Brian Bergin

    Brian Bergin Guest

    If I have enough IPs, would I not be better off doing this:

    ip nat inside source static 192.168.1.1 public_1
    ip nat inside source static 192.168.1.2 public_2
    ip nat inside source static 192.168.1.3 public_3
    ip nat inside source static 192.168.1.4 public_4
    ....
    ip nat inside source static 192.168.1.254 public_254

    ???

    and not overloading to the Serial0/0?

    Thanks...
    Brian Bergin

    I can be reached via e-mail at
    cisco_dot_news_at_comcept_dot_net.

    Please post replies to the group so all may benefit.
     
    Brian Bergin, Nov 11, 2003
    #1

  2. In article <>,
    Brian Bergin <> wrote:
    >If I have enough IPs, would I not be better off doing this:
    >
    >ip nat inside source static 192.168.1.1 public_1
    >ip nat inside source static 192.168.1.2 public_2
    >ip nat inside source static 192.168.1.3 public_3
    >ip nat inside source static 192.168.1.4 public_4
    >...
    >ip nat inside source static 192.168.1.254 public_254
    >
    >???
    >
    >and not overloading to the Serial0/0?


    Yes, overloading is usually a workaround for not having enough IPs to do
    one-to-one mapping. Or you could do without NAT entirely.

    --
    Barry Margolin,
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
     
    Barry Margolin, Nov 11, 2003
    #2

  3. In article <>,
    Brian Bergin <> wrote:
    :If I have enough IPs, would I not be better off doing this:

    :ip nat inside source static 192.168.1.1 public_1
    :ip nat inside source static 192.168.1.2 public_2

    :and not overloading to the Serial0/0?

    Better? Than?

    There are still some protocols that don't play well with PAT,
    so if you are using one of those, then Yes, a static NAT helps.

    But there are still some protocols (e.g., NETBIOS) that don't play
    well with any kind of NAT, so if you are using one of those, then
    from the protocol perspective, you are better off pushing the
    IP addresses right through than using either NAT or PAT.

    From a security perspective, the less the attacker can deduce
    about your setup, the better, and using PAT helps obscure your
    internal architecture. Using PAT also cuts down on accidentally
    allowing incoming connections that you don't want -- it's easier
    to remember all the connections permitted to a single IP address
    than to remember all the connections individually permitted to 253
    of them, and as you move computers around you *will* forget
    or "not quite have time yet".
    --
    I don't know if there's destiny,
    but there's a decision! -- Wim Wenders (WoD)
     
    Walter Roberson, Nov 11, 2003
    #3
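
The bookkeeping risk raised in reply #3 (per-host permits left behind as machines move) can be checked mechanically. This is an added example, not part of the original thread: a Python script that cross-references `ip nat inside source static` lines against the permit entries of an inbound ACL and reports permits whose destination no longer has a static mapping. The ACL number 101, the 203.0.113.x addresses, the function names, and the assumption that the ACL filters on public addresses on the outside interface are all illustrative; the sample config is constructed.

```python
import re

# Constructed sample config (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
ip nat inside source static 192.168.1.10 203.0.113.10
ip nat inside source static 192.168.1.11 203.0.113.11
ip nat inside source static 192.168.1.12 203.0.113.12
access-list 101 permit tcp any host 203.0.113.10 eq 80
access-list 101 permit tcp any host 203.0.113.10 eq 443
access-list 101 permit tcp any host 203.0.113.11 eq 25
access-list 101 permit tcp any host 203.0.113.20 eq 3389
access-list 101 deny ip any any
"""

NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)\s*$")
ACL_RE = re.compile(
    r"^access-list (\d+) permit (tcp|udp) any host (\S+) eq (\S+)\s*$")

def parse_static_nat(config):
    """Map each public address to the inside host it is statically bound to."""
    nat = {}
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            nat[m.group(2)] = m.group(1)
    return nat

def parse_permits(config, acl="101"):
    """Collect inbound permit entries per destination host for one ACL."""
    permits = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl:
            permits.setdefault(m.group(3), []).append(f"{m.group(2)}/{m.group(4)}")
    return permits

def audit(config, acl="101"):
    """Return (reachable, stale): services reachable per inside host, and
    permits whose destination no longer has a static mapping."""
    nat, permits = parse_static_nat(config), parse_permits(config, acl)
    reachable = {nat[pub]: svcs for pub, svcs in permits.items() if pub in nat}
    stale = {pub: svcs for pub, svcs in permits.items() if pub not in nat}
    return reachable, stale

if __name__ == "__main__":
    reachable, stale = audit(SAMPLE_CONFIG)
    print("reachable:", reachable)
    print("stale permits (no static NAT entry):", stale)
```

With one-to-one static NAT across a full /24, the `reachable` map is the list that has to be kept in someone's head; the `stale` map shows entries that would expose whichever host next receives that public address.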