It's not a question of either/or; NAT and ACLs will work perfectly fine together. Strictly speaking, NAT is not a security feature, although it does have some security-related properties depending on how it's implemented. For example, many NAT implementations will not allow inbound initiated connections to NATed IP addresses. (I don't know if Cisco NAT has this property or not.) Also, if you use PAT (also called NAT overload and Masquerading), inbound connections to the PAT address to non-mapped ports will be dropped, offering some level of protection to internal hosts.
However, NAT is not a replacement for ACLs, and some applications don't play well with NAT. If you have a registered address space, you don't _need_ NAT, but you certainly need ACLs to protect yourself. If you properly use ACLs, it's likely that NAT isn't going to buy you much, if any, additional security. If you don't have registered address space, you will need to use NAT, and you definitely should use ACLs as well.

HTH,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 8:43 PM
To: [EMAIL PROTECTED]
Subject: NAT vs ACL [7:34728]

If my Cisco router needs to connect to the internet, what should I enable/use by default? NAT or Access List?

