perhaps better than nat with enough IPs

If I have enough IPs, would I not be better off doing this:

ip nat inside source static 192.168.1.1 public_1
ip nat inside source static 192.168.1.2 public_2
ip nat inside source static 192.168.1.3 public_3
ip nat inside source static 192.168.1.4 public_4
....
ip nat inside source static 192.168.1.254 public_254

???

and not overloading to the Serial0/0?

Thanks...
Brian Bergin

I can be reached via e-mail at
cisco_dot_news_at_comcept_dot_net.

Please post replies to the group so all may benefit.

 

Yes, overloading is usually a workaround for not having enough IP's to do
one-to-one mapping. Or you could do without NAT entirely.

 

:ip nat inside source static 192.168.1.1 public_1
:ip nat inside source static 192.168.1.2 public_2

:and not overloading to the Serial0/0?

Better? Than?

There are still some protocols that don't play well with PAT,
so if you are using one of those, then Yes, a static NAT helps.

But there are still some protocols (e.g., NETBIOS) that don't play
well with any kind of NAT, so if you are using one of those, then
from the protocol perspective, you are better off pushing the
IP addresses right through than using either NAT or PAT.

From a security perspective, the less the attacker can deduce
about your setup, the better, and using PAT helps obscure your
internal architecture. Using PAT also cuts down on accidentally
allowing incoming connections that you don't want -- it's easier
to remember all the connections permitted to a single IP address
than to remember all the connections individually permitted to 253
of them, and as you move computers around you *will* forget
or "not quite have time yet".