Network Address Translation (NAT) will not be configured for use with remote access gateways and servers unless there is a means of tracking the remote client's network activity throughout the network.

From Remote Access VPN STIG

Part of SRC-NET-060 NAT for Remote Access gateway

Associated with IA controls: ECSC-1

SV-23743r1_rule Network Address Translation (NAT) will not be configured for use with remote access gateways and servers unless there is a means of tracking the remote client's network activity throughout the network.

Vulnerability discussion

An incorrectly configured remote access gateway may allow unauthorized access to malicious or unauthorized remote users.

Check content

Inspect the configuration of the VPN or RAS gateway and verify that it is does not provide NAT services to the remote access end points.

Fix text

Ensure that the remote access gateway is not configured to provide NAT services for remote access connections.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer