RE: NAT or ACL??

Mon, 29 Jan 2001 03:47:16 -0800 

Hi David,

My opinion is that NAT's main purpose is not really for security, but for
multiplexing multiple host behind one IP address. The security of NAT is
from external hosts not being able to access hosts behind the NAT, because
the external host only see only one host (the NAT).

NAT is a good solution for smaller networks, but when the number of hosts
behind the NAT start increasing, the NAT will start to become more of a
bottleneck. I believe the bottleneck is from the CRC checksum recalculations
when the IP packets have to be modified, and this CRC checksum may be
computationally expensive.

>From my knowledge, NAT will not let any external hosts access behind the NAT
unless the internal hosts intialised the communication. I also heard that
you could manually add an entry to the NAT, so that external hosts can
access internal hosts, without the internal hosts making first contact.

ACL is designed to secure routers, and have a richer feature set than NAT.
It allows different policies and a mixture of them. It allows you to
permit/deny specified hosts/networks with various conditions. ACL also
doesn't modify the IP packets like NAT does, so it should be much faster.


Regards,

Albert



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
David Richard
Sent: Monday, 29 January 2001 21:58
To: [EMAIL PROTECTED]
Subject: NAT or ACL??


Hi All,

Any body knows whats the best way to protect Internal network from Internet
??

I found many different answers out of them,Finallyy I have to choose b/w
two..

NAT  or Acces-Lists??

ANyh help would be appreciated.

DR.

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1

_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to