While I cannot speak with the authority of many of the list's more
knowledgeable members, I am running in a "dual NAT" environment. I cannot
see where it really increases me security, but it certainly makes network
management more difficult. My situation may be different that what you
propose in that mine is not by choice. My ISP runs one level of NAT which
translates from public addresses to 172.17.x.x privates. I then translate at
my site from the 172.17.x.x addresses to 192.168.x.x addresses for my
internal 'net. I do not control or have access to their equipment and
therefore have had a difficult time with things like VPN setup and DNS
configuration.
I am sure that it would work better if one were (a) more experienced, and
(b) in control of both parts of the private NAT'd systems, but I am not sure
that it would be worth the extra effort.
...just mho.
Dean A. Luethje, Sysadmin
Bell Paper Box, Inc.
...Any opinions expressed are mine alone and do not reflect official company
opinion or policy
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Pitcock Family
Sent: Wednesday, May 24, 2000 8:03 AM
To: [EMAIL PROTECTED]
Subject: Hypothetical Dual NAT Question
Good Morning,
I was wondering if a dual NAT infrastructure would work or buy you any extra
security.
For Example:
Valid Internet addresses
|
|
Router with NAT
172.16.x.x internal
|
|
FW-1 with DMZ 172.17.x.x
192.16.x.x internal networks NAT
Any comments would be greatly appreciated.
Rich
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
