Since the firewall will require a static NAT address for traffic that originates from the Internet (inbound e-mail, DNS), there is little to be gained security-wise from the configuration. If you are placing a monitoring device (IDS) on the 172.16.x.x segment, the configuration will help protect the device from direct attack.
On the downside, NAT has a tendency to break VPN implementations and could cause problems with Secure Remote users. Can't swear by it since I haven't tested it.
-- Bill Stackpole, CISSP
"Pitcock Family" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
05/24/00 06:03 AM
To: <[EMAIL PROTECTED]>
cc:
Subject: Hypothetical Dual NAT Question

Good Morning,
I was wondering if a dual NAT infrastructure would work or buy you any extra
security.
For Example:
Valid Internet addresses
|
|
Router with NAT
172.16.x.x internal
|
|
FW-1 with DMZ 172.17.x.x
192.16.x.x internal networks NAT
Any comments would be greatly appreciated.
Rich
