When hackers on the Internet send unwelcomed traffic into Inside network, these traffic are unable to reach the intended Inside machines since there are multiple IP addresses represented by PAT and NAT session does not match such traffic, hence PAT dropped the traffic. PAT is designed to provide single Outside IP address for multiple Inside machines which connection is initiated from those Inside machines going out. When you have dynamic PAT in place for several internal machines to access the Internet, PAT by nature is already an advantage. * You need a good firewall to protect your network from Internet intruders.Ĭreate network-level protection in place to at least try to block unwanted incoming traffic from the Internet or from Untrusted network coming in.
* You have a router running basic IOS image without Firewall (FW) feature
