A stateful NAT firewall is a NAT feature that protects members of the inside network from access from outside network clients for which a dynamic NAT firewall binding does not exist, while at the same time allowing outside traffic not destined to the inside network to flow freely. The firewall provides protection against unwanted connections, such as a potential hacker, being established from the outside interface to the users secure network. The establishment of connections is controlled based on:
In addition, the stateful NAT firewall feature allows privately addressed hosts to share the firewall‘s public IP along with the standard NAT feature that internal network addresses are not visible to the outside world.
By controlling the establishment of connections the users system can be protected from malicious and unwanted access to the user‘s network, while allowing clients on the user‘s network to access servers in the unsecured outside network.
A stateful NAT firewall is configured by creating a standard dynamic NAT list rule without specifying a NAT pool using the ip/ipv6 nat inside source list commands.