Securing NAT Solution

Lesson 2: Restricting Internet traffic using IP Filters
Objective: Describe how IP filters enhance NAT security

Restricting Internet Traffic using IP Filters

To restrict access to the Internet or the private network, you can specify unique Routing and Remote Access IP filters for each NAT interface.
These filters are based on an incoming or outgoing IP address range and protocol.
For example, if you wanted to prevent internal network users from using FTP resources on the Internet, you could place a filter on outbound packets so that any request for an FTP resource at a particular site would be dropped.
You can specify Routing and Remote Access IP filters to restrict:
  1. Internet-based user access to private network resources
  2. Private network user access to Internet-based resources, such as partner networks or central offices
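A minimal model of the filter matching described above, as an added Python example that is not taken from the course or from Routing and Remote Access itself. It compares a filter that drops FTP requests to one site with a filter set that drops everything except listed protocols; the class, function names, and addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IPFilter:
    """One filter entry: address ranges plus protocol (all names here are hypothetical)."""
    src: str = "0.0.0.0/0"   # source range; /0 means any address
    dst: str = "0.0.0.0/0"   # destination range
    proto: str = "any"       # "tcp", "udp", "icmp" or "any"
    dport: int = 0           # destination port; 0 means any port

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (0, pkt["dport"]))

def decide(filters, default_forward, pkt):
    """Return the action for pkt.

    default_forward=True  -> forward everything except packets that match a filter
    default_forward=False -> drop everything except packets that match a filter
    """
    hit = any(f.matches(pkt) for f in filters)
    if default_forward:
        return "drop" if hit else "forward"
    return "forward" if hit else "drop"

# Constructed sample data (RFC 5737 documentation addresses, RFC 1918 client).
FTP_SITE = "203.0.113.10"
BLOCK_ONE_SITE = [IPFilter(dst=FTP_SITE + "/32", proto="tcp", dport=21)]
ALLOW_WEB_DNS = [IPFilter(proto="tcp", dport=80), IPFilter(proto="tcp", dport=443),
                 IPFilter(proto="udp", dport=53)]
PACKETS = {
    "ftp to filtered site": dict(src="192.168.0.25", dst=FTP_SITE, proto="tcp", dport=21),
    "ftp to another site":  dict(src="192.168.0.25", dst="198.51.100.7", proto="tcp", dport=21),
    "http to any site":     dict(src="192.168.0.25", dst="198.51.100.7", proto="tcp", dport=80),
}

def evaluate():
    """Decide each sample packet under both outbound filter configurations."""
    return {name: (decide(BLOCK_ONE_SITE, True, p), decide(ALLOW_WEB_DNS, False, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (per_site, allow_list) in evaluate().items():
        print(f"{name:22} per-site drop: {per_site:8} allow-list: {allow_list}")
```

The per-site filter only drops the exact address, protocol, and port it names, so FTP to any other site is still forwarded; the drop-all-except configuration covers that case without listing every site.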

The following Slide Show illustrates the benefits of using IP filters to restrict Internet traffic.

Using IP Filters
Question: How are Routing and Remote Access filters created?
Answer: By specifying the source or destination IP address range and the protocol type of the packets to be filtered.
Packet filtering is a very difficult way to implement outbound security.
In the next lesson you will learn how to allow access to specific computers and applications using address pools and special ports.