NAT/PAT and CBAC
CBAC interoperates with both static and dynamic NAT (source and destination). Combining static and dynamic NAT with CBAC turns a Cisco IOS router into a very powerful enterprise-class firewall. Here are a couple of the benefits NAT adds to CBAC:
- Hides your internal addresses from the outside world.
- Helps stop spontaneous attacks from the Internet because no traffic is allowed (static translation is an exception). Dynamic NAT allocates addresses only for nodes that have actually sent traffic through the router.
Port Application Mapping (PAM) and CBAC
Port Application Mapping (PAM) allows you to change the standard application port on the router. This is important for hiding well-known port numbers for different applications, such as TCP/80 for the HTTP protocol. By default, PAM generates a table of information that identifies specific applications with specific TCP or UDP port information. When the firewall router first starts, the PAM table is initially populated with system-defined mapping information. Example 5-3 shows the output of the default port-to-application mapping. CBAC works well with these standard ports and creates session information based on them.
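The following configuration sketch is an added illustration, not one of the book's numbered examples. It shows dynamic NAT (overload), a CBAC inspection rule, and a user-defined PAM entry working together. The interface names, the addresses, the rule name FW, and port 8080 are assumptions chosen for the example.

```ios
! Added example: all names, addresses and port 8080 are assumed values.
!
! PAM: also treat TCP/8080 as HTTP, in addition to the system-defined TCP/80.
ip port-map http port 8080
!
! CBAC: inspection rule. The http keyword follows the PAM table,
! so sessions to TCP/8080 are inspected as HTTP as well.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW http
!
! Dynamic NAT (PAT): inside hosts share the outside interface address.
! A translation exists only after an inside host has sent traffic out.
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 interface Serial0 overload
!
! Inbound policy on the outside interface: deny everything by default.
! CBAC opens temporary return entries for sessions it has inspected.
access-list 101 deny ip any any
!
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
 ip access-group 101 in
 ip inspect FW out
!
! Verification from privileged EXEC mode:
!   show ip port-map http       (system-defined port 80 plus user-defined 8080)
!   show ip inspect sessions    (sessions CBAC is currently tracking)
!   show ip nat translations    (dynamic entries created by inside hosts)
```

If a static translation is added for an inside server, access list 101 needs an explicit permit for that service, because the static entry is reachable from the outside without any prior outbound session.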