harryhair5
IS-IT--Management
I am using NAT (see config below) to hide internal workstations from routable addresses. When an internal workstation sends a request outbound, it is assigned a network translation (forgive me if my terminology is off). Once this is assigned and before it times out, does this create a two-way channel for attacks to come through? In other words, does PAT offer a significant security advantage because the outside world sees all internal workstations as the same IP?
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 aaa.bb.13.127-aaa.bb.13.254 netmask 255.255.255.0
dhcp address 10.1.1.127-10.1.1.254 inside
dhcp dns aaa.bb.127.127 aaa.bb.127.128
dhcp lease 3600
dhcp domain anydomain.com
dhcp enable inside