Re: Best Practices for Enterprise networks
Asymmetric paths are a fact of life in the Internet.
- ferg
-- Iljitsch van Beijnum <iljitsch@muada.com> wrote:
On 30-aug-04, at 0:50, Tracy Smith wrote:
Hello. I am trying to gauge what the Best Practices are for Enterprise network connections to the Internet. Specifically, to NAT or not to NAT? At what point should NAT-ting be performed ... exclusively at the Egress point or at decentralized points? What about firewalling - centralized/decentralized?
Fortunately, I've never been in the position to make such decisions, but I can tell you one thing: if you have multiple connections to the internet, you had better make sure that your NATs and firewalls are equipped to handle the case where you send a packet out through connection A and the reply comes back through connection B.
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net
On Mon, 30 Aug 2004, Fergie (Paul Ferguson) wrote:
Asymmetric paths are a fact of life in the Internet.
engineer your network to deal with that (from the enterprise perspective, not the ISP side) and it's not a problem... we have several customers in this scenario today, all work well.
- ferg
-- Iljitsch van Beijnum <iljitsch@muada.com> wrote:
On 30-aug-04, at 0:50, Tracy Smith wrote:
Hello. I am trying to gauge what the Best Practices are for Enterprise network connections to the Internet. Specifically, to NAT or not to NAT? At what point should NAT-ting be performed ... exclusively at the Egress point or at decentralized points? What about firewalling - centralized/decentralized?
Fortunately, I've never been in the position to make such decisions, but I can tell you one thing: if you have multiple connections to the internet, you had better make sure that your NATs and firewalls are
(aimed at original poster) NAT is normally a decision local to the site...
"have enough ips? don't nat"
"Don't have enough ips, NAT"
or the ever popular:
"Want to hide your internal network details, nat"
I'm not sure there is a 'best practice' that really covers nat. Perhaps paying for some consulting from some of the larger consulting firms would help you address your particular issues directly?
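The case raised earlier in the thread (a packet sent out through connection A, the reply coming back through connection B), as an added example that is not part of the original messages: a constructed Python model of two edge NAT/firewall devices, first with independent translation state and then with a shared table. The EdgeDevice class, the addresses, and the assumption that a reply to A's NAT address can arrive on link B are all illustrative.

```python
"""Constructed model: two edge NAT/firewall devices and an asymmetric return path."""


class EdgeDevice:
    """Stateful NAT/firewall: a reply passes only if it matches a known translation."""

    def __init__(self, name, public_ip, table=None):
        self.name = name
        self.public_ip = public_ip
        # (public_ip, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        # Passing the same dict to two devices models synchronised state.
        self.table = {} if table is None else table
        self.next_port = 40000

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """Translate an outgoing packet and record the state its reply must match."""
        public_port = self.next_port
        self.next_port += 1
        key = (self.public_ip, public_port, remote_ip, remote_port)
        self.table[key] = (inside_ip, inside_port)
        return key

    def inbound(self, remote_ip, remote_port, dst_ip, dst_port):
        """Return the inside (ip, port) the reply is delivered to, or None if dropped."""
        return self.table.get((dst_ip, dst_port, remote_ip, remote_port))


def simulate(shared_state):
    """Send out via A, then offer the same reply to A and to B."""
    table = {} if shared_state else None  # None: each device keeps its own table
    a = EdgeDevice("A", "192.0.2.10", table)      # constructed documentation addresses
    b = EdgeDevice("B", "198.51.100.10", table)
    inside = ("10.1.1.5", 51515)
    remote = ("203.0.113.80", 443)
    pub_ip, pub_port, _, _ = a.outbound(*inside, *remote)
    reply = (*remote, pub_ip, pub_port)           # reply is addressed to A's NAT address
    return {"via_A": a.inbound(*reply), "via_B": b.inbound(*reply)}


if __name__ == "__main__":
    for shared in (False, True):
        label = "shared state" if shared else "independent state"
        print(label, simulate(shared))
```

With independent tables the reply arriving at B matches nothing and is dropped; with a shared table either device can translate and deliver it.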