Quote:
Originally Posted by northlandboy
Suit yourself, but I've always found automatic NAT to be a pain; particularly once you have a complex network, with multiple layers of firewalls, automatic NAT will cause more problems than it's worth. You end up natting connections that don't need to be natted, and you have to put in manual rules above the automatic ones, to say "don't nat anything between these internal networks". You also then have the issue of not having objects created with the NAT address, so you can't search for them in Tracker, and you can't see the NAT IPs in your objects list. I don't really understand what the advantages of automatic NAT are - care to enlighten me? ;-)
I always recommend using Automatic NAT rule creation whenever possible. I'm even ready to say it's a "Best Practice". Here are the reasons I give:
1. Automatic NAT rule creation is much faster than Manual NAT rule creation. I can do it in about four seconds, rather than a couple of minutes.
2. Automatic NAT rule creation is almost foolproof. You configure it and it runs.
3. I think there are still issues with Manual NAT rule creation not doing the ARP replies properly.
4. With manually-created NAT rules, the "flyover" hints often give confusing information.
I use Automatic NAT rule creation in my classroom and I can configure six of them in about 30 seconds and they work perfectly every time.
Could you please provide the arguments for using Manual NAT rule creation? I'm eager to hear the other side of this and I might learn something.
I agree in advance that port translation may require Manual NAT rule creation and that my experience may be with fairly simple networks. I'm also now using R60 with HFA-04; they seem to have worked out all the automatic ARP issues.
By the way, northlandboy, thanks for all your participation on the discussion board. You've been a really helpful member.