nanog mailing list archives

Re: Best Practices for Enterprise networks


From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Mon, 30 Aug 2004 00:31:33 +0000 (GMT)


On Mon, 30 Aug 2004, Fergie (Paul Ferguson) wrote:



Asymmetric paths are a fact of life in the Internet.


engineer your network to deal with that (from the enterprise perspective,
not the ISP side) and it's not a problem... we have several customers in
this scenario today, all work well.

- ferg

-- Iljitsch van Beijnum <iljitsch () muada com> wrote:

On 30-aug-04, at 0:50, Tracy Smith wrote:

Hello.  I am trying to gauge what the Best Practices are for
Enterprise network connections to the Internet.  Specifically, to NAT
or not to NAT?  At what point should NAT-ting be performed ...
exclusively at the Egress point or at decentralized points?  What
about firewalling - centralized/decentralized?

Fortunately, I've never been in the position to make such decisions,
but I can tell you one thing: if you have multiple connections to the
internet, you had better make sure that your NATs and firewalls are

(aimed at original poster)

NAT is normally a decision local to the site... "have enough ips? don't
nat" "Don't have enough ips, NAT" or the ever popular: "Want to hide your
internal network details, nat"

I'm not sure there is a 'best practice' that really covers nat. Perhaps
paying for some consulting from some of the larger consulting firms would
help you address your particular issues directly?

