[73579] in North American Network Operators' Group
Re: Best Practices for Enterprise networks
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Sun Aug 29 19:07:20 2004
In-Reply-To: <7CD4CD9D537C294D9ED9E5CE2F019106F6359B@MAILSERV.linc2icn.net>
Cc: <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Mon, 30 Aug 2004 01:06:36 +0200
To: "Tracy Smith" <TSmith@illinois.net>
Errors-To: owner-nanog-outgoing@merit.edu
On 30-aug-04, at 0:50, Tracy Smith wrote:
> Hello. I am tyring to gauge what the Best Practices are for
> Enterprise network connections to the Internet. Specifically, to NAT
> or not to NAT? At what point should NAT-ting be performed ...
> exclusively at the Egress point or at decentralized points? What
> about firewalling - centralized/decentralized?
Fortunately, I've never been in the position to make such decisions,
but I can tell you one thing: if you have multiple connections to the
internet, you had better make sure that your NATs and firewalls are
equipped to handle the case where you send a packet out through
connection A and the reply comes back through connection B.
