Router performance with NAT & CBAC

Unanswered Question
Feb 21st, 2007

I have a 2610 router running IOS version 12.3. It is already performing NAT with its two serial interfaces as NAT outside. Now it is experiencing degradation, like delay in sound and video conversations, compared to when it is not doing NAT. Is it recommendable to use my router to perform Context-Based Access Control or any firewall function? Thanks in advance! What is the recommendation? I would also like to show you my configuration (below), in case there is something missing.

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname xxxx
boot-start-marker
boot-end-marker
enable secret 5 xxxxxxxxxxxxxxxxxxx
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
ip name-server 203.172.11.21
ip name-server 203.172.11.25
no ftp-server write-enable

interface FastEthernet0/0
 ip address 10.1.1.1 255.0.0.0
 ip directed-broadcast
 ip nat inside
 duplex auto
 speed auto
 no cdp enable

interface Serial0/0
 description belltree-link-to-infocom
 bandwidth 2048
 ip address 203.xxx.xxx.xxx 255.255.255.252
 ip nat outside
 no cdp enable

interface Serial0/1
 description xxxxxxxx-link-to-infocom
 bandwidth 2048
 ip address 203.xxx.xxx.xxx 255.255.255.252
 ip nat outside
 no cdp enable

ip nat pool isp-1 203.172.xxx.xx 203.172.20.xx prefix-length 28
ip nat pool isp-2 203.172.xxx.xx 203.172.20.xx prefix-length 28
ip nat inside source route-map isp-1 pool isp-1
ip nat inside source route-map isp-2 pool isp-2
ip classless
ip route 0.0.0.0 0.0.0.0 203.172.xxx.xxx
ip route 0.0.0.0 0.0.0.0 203.172.xxx.xxx
no ip http server
access-list 1 permit 10.0.0.0 0.255.255.255
no cdp run

route-map isp-1 permit 10
 match ip address 1
 match interface Serial0/0

route-map isp-2 permit 10
 match ip address 1
 match interface Serial0/1

line con 0
line aux 0
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxx
 login
end

xxxxxxx#

didyap Tue, 02/27/2007 - 10:47

There is no problem in your configuration. I would suggest going for a dedicated security device such as the PIX firewall, as the router is heavily loaded with two outside NAT. Configuring CBAC will only slow down your device more.
