[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 601
  • Last Modified:

Cisco 1841 Nat config


In setting up the cisco 1841 router,

I use the FE0/1 for the Wan for the internet connection

Than use FE0/0 for the Lan, giving FE0/0 a private ip. And doing nat out through the FE0/1

My question is, do i need any accesslist anywhere to protect the Lan from outside intruder. or the Nat already protect it?

2 Solutions
NAT protecting your LAN from outside world but cannot guarantee 100% safety...Do you have static NAT translations?
Are your clients running Windows XP with firewall on? In this case you probably don't need access lists on the router. But, just in case you can close all unnesesary traffic from/to outside...
If you configure an access-list 'in' on FE0/1 or 'out' on FE0/0 to block connections from the internet, you will need to use IP inspection (formerly CBAC) to get traffic back to your private network.  This is because a "deny any any" (or whatever) ACL that you will use will block all of the return traffic coming back to your private network.  Search Cisco.com for Firewall Design Guide, it should be the first hit.

-Leo- is correct saying that NAT should probably protect you.  It's very unlikely that someone will find their way back in through a NAT to attack a host on your network.  

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now