On Tue, 22 Aug 2000, Steve Smith wrote:

> Hey gang, a little OT but here it goes. I need a few "expert" opinions on a
> sore subject. 
> 
> If you have a big WAN, ATM DS3 connecting 6 cities, with a single internet
> access point. Our "security" manager feels that we should have public IPs
> running in our DMZ and our WAN from city to city. Then NAT/PAT into each
> location. The other way would be to have a DMZ at the internet access point,
> leave them public for web servers and such, then NAT/PAT through the
> firewall for the rest of the WAN.
> 
> Any feelings?

I am a little confused at the above.  But if you're trying to decide to NAT
or not to NAT, then it depends on some things.  Where were you considering
doing the translation?  At your border to the internet?  Translating
early, such as at each city, distributes the NAT load, but it masks "true
identities" and can be difficult for accounting who a user is.  NATing all
at one point preserves their identity until they leave your network, but
can put a strain on the router doing the NAT.

How much network space are we talking about?  If it's just say a /24 at
each city, then maybe just use globally routable addresses with access
filtering (then you don't have to run routable AND non-routable
IPs).  This can usually work well.

A lot of people will give the servers routable IPs, and then give the
clients RFC 1918 space, but this can lead to problems as well.  The
clients, being in a different subnet, will need to go through an L3 device to
reach all servers, and they can pose a problem, load wise, in some
environments depending on how your switching/routing network is designed.

Brian


> 
> Thanks in advance.
> Steve

-----------------------------------------------
Brian Feeny, CCNA, CCDA       [EMAIL PROTECTED]   
Network Administrator         
ShreveNet Inc. (ASN 11881)            
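
The accounting point raised in the reply above, as an added example that is not part of the original post: when PAT is done at each city, a flow seen at the Internet border carries only the translated address and port, so naming the inside host means joining against that city's translation records by time. The record layout, site names, helper names and addresses below are constructed for illustration.

```python
from datetime import datetime, timedelta
from typing import NamedTuple, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)

class Xlate(NamedTuple):
    """One PAT translation record, as a city's NAT device might log it (hypothetical layout)."""
    site: str
    start: datetime
    end: datetime
    inside: Endpoint   # RFC 1918 host and port before translation
    outside: Endpoint  # public address and port seen beyond that city

T0 = datetime(2000, 8, 22, 9, 0, 0)

def t(seconds: int) -> datetime:
    return T0 + timedelta(seconds=seconds)

# Constructed sample records; 192.0.2.0/24 is documentation address space.
PAT_LOG = [
    Xlate("city-a", t(0), t(60), ("10.1.0.15", 3312), ("192.0.2.10", 40001)),
    # Same public ip:port handed to a different inside host 30 s later.
    Xlate("city-a", t(90), t(150), ("10.1.0.77", 2201), ("192.0.2.10", 40001)),
    Xlate("city-b", t(0), t(300), ("10.2.0.15", 3312), ("192.0.2.20", 40001)),
]

def candidates(src: Endpoint, pat_log) -> list:
    """Every inside host that ever held this translated ip:port (no timestamp used)."""
    return [x for x in pat_log if x.outside == src]

def attribute(src: Endpoint, seen_at: datetime, pat_log) -> Optional[Xlate]:
    """Resolve a border-observed source to one inside host, or None if it cannot be done."""
    hits = [x for x in candidates(src, pat_log) if x.start <= seen_at <= x.end]
    if len(hits) > 1:
        raise ValueError("overlapping translations: check clock sync between sites")
    return hits[0] if hits else None

if __name__ == "__main__":
    flow = ("192.0.2.10", 40001)
    print(len(candidates(flow, PAT_LOG)), "inside hosts used", flow)
    for offset in (30, 75, 120):
        hit = attribute(flow, t(offset), PAT_LOG)
        print(offset, hit.inside if hit else "unattributable: no translation record")
```

Without a timestamp the translated source maps to two different inside hosts, and a flow seen in the gap between records cannot be attributed at all, which is why per-city translation logs and synchronized clocks have to be retained if translation is done early.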
