I'm just curious why people seem to disregard the concept of using NAT and registered
addresses together? Just because you have unique addressing doesn't mean you have to
announce the prefixes to the Internet. I would highly suggest you use registered
space in the same way that you would use 1918 space. In this way, you can still take
advantage of NAT for its limited role in security.
If security is a key concern, NAT is really not a huge component of the solution.
Organizations really need to embrace and enforce policy and support them with
electronic means including properly configured and deployed firewalls, IDS systems,
logging systems (physical/electronic) etc.
*********** REPLY SEPARATOR ***********
On 1/10/2001 at 8:47 AM Steve Smith wrote:
>We had a MASSIVE dispute within our company about this. We bought
>another company and they uses registered IPs on everything down to the
>workstation. They claimed NAT caused problems with most programs and it
>was just easier to use registered IPs.
>
>We had a meeting with 3 different CCIE's that worked for Cisco and 2
>security consulting firms and decided, although it would be nice to use
>registered IPs, it was more efficient and secure to use private IPs. We
>then tested the "apps that won't work with NAT" and found 99 percent of
>them worked fine if the server and firewalls where configed correctly.
>
>Don't get me wrong, NAT can and does have some minor downfalls but
>overall, in my opinion, it's does its job.
>
>regards,
>Steve
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, January 10, 2001 7:08 AM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Using Register IP Address on your Private network
>
>
>
> I have a question here? Why would anyone use register addresses on
>their
>private network, while you can use UN-register addresses like 10.X.X.X ?
>Do
>you really need to burn register addresses on a private network?
>
>I would like to hear anyone opinion on this subject
>
>Brian
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>_________________________________
>FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
