We just purchased a new company and I have been tasked to provide a NAT solution, because we have overlapping networks. I have the solution figured out:
Dynamic NAT with the "match host" option and DNS to accomplish what we need to do.
The question I have is performance. I am not sure how heavy the hardware requirements will be for this. I understand that DNS doctoring will do packet rewrites (performance hit?) for DNS replies. We were thinking of putting in a 2821 or 3800 series router. Would a firewall have more horsepower to perform this function?
The device will be JUST doing NAT and maybe some simple routing.
Is there a doc that shows the maximum number of NAT translations per device (per memory load?)?
I have a requirement for dynamic NAT pools and the "match host" option. I do not want the configuration and maintenance of static NAT entries.
Would the router/ASA do the DNS doctoring in hardware or software?
Would the router/ASA do the normal NAT translations in hardware or software?
Would CEF work for the NAT translations or would it be process switched?
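For reference, here is what the dynamic match-host arrangement described in the post looks like on IOS. This is an added illustration, not configuration from the poster or any specific device; the interfaces, the overlapping 10.1.0.0/24 range and the 192.168.100.0/24 pool are constructed values.

```text
! Constructed example: the acquired site also uses 10.1.0.0/24, so its hosts are
! presented to our side as 192.168.100.x, keeping the host part (type match-host).
interface GigabitEthernet0/0
 description Link toward the acquired company (overlapping 10.1.0.0/24)
 ip address 172.16.0.1 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description Our internal network
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
!
! Pool must be the same size as the overlapping subnet so each host maps 1:1.
ip nat pool ACQ-SITE 192.168.100.1 192.168.100.254 prefix-length 24 type match-host
access-list 10 permit 10.1.0.0 0.0.0.255
! Translate the acquired site's addresses as seen from our side; add-route installs
! a route for the translated pool toward the outside interface.
ip nat outside source list 10 pool ACQ-SITE add-route
!
! Counters to watch when sizing the box: active translations, hits/misses,
! and whether entries are being expired under load.
! show ip nat statistics
! show ip nat translations
```

Keep the ACL tight to the overlapping range only, so that the pool cannot be consumed by traffic the translation was never meant for.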