General discussion


NAT pros and cons

By editor's response ·
Does your organization use NAT? Tell us what you think about Mike Mullins' list of pros and cons to help you decide whether to implement NAT as a defense strategy, as featured in the Jan. 8 Network Security e-newsletter. Let us know if this information is useful to you.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

In the past

by ND_IT In reply to NAT pros and cons

We have used NAT in the past, but recently converted everything over to TCP. We used it on such things as DEX servers for our timeclocks and a few print server boxes as well. We did have some performance issues, as we decided to change everything over to TCP as our standard.

Collapse -

Some of the statements are incorrect ...

by tomhutton In reply to NAT pros and cons

1) Only many-to-one NAT provides a single address on the outside of the device, not any configuration of NAT.
2) Changing a public IP number may be much more involved than "changing a DNS entry".
3) DHCP makes no sense to serve up server addresses, so it is not good for "all" of your internal hosts.
4) You can use NAT to distribute a load? NAT in combination with other protocols would do it, but not NAT alone. Once again, providing this function is much more complicated than this.
5) By using NAT your firewall becomes a stateful device? Maybe in the lowest sense of the word "stateful", but many "firewalls" do it and is are only partially stateful at best.
6) Performance issues recalculating the simple TCP checksum?? Upgrade to a processor made in the last 15 years ...
7) ACLs that are based on source address are complicated and difficult to implement???? Maybe you mean outside of the firewall??
You cannot implement IPSEC through NAT. Come on, it's done *most* of the time. IPSEC would not be able to be implemented in mmany DSL or cable systems, or with a typical firewall as they all have NAT turned on. What do you think the "tunnel" mode is for??

Collapse -

geeze dude

by doublesnapper In reply to Some of the statements ar ...

Man, you're one of those glass is half empty kinda guys aren't you?!

Related Discussions

Related Forums