I have a very simple scenario with a Cisco 3945 running IOS c3900-universalk9-mz.SPA.153-3.M.bin with two interfaces, g0/0 (external) and g0/1 (internal).
I set up NAT on the router as follows:
interface g0/0
 ip address 126.96.36.199 255.255.255.252
 ip nat outside
interface g0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
ip access-list extended nat
 permit ip 192.168.190.0 0.0.0.255 any
ip nat inside source list nat interface g0/0 overload
Then I have a Linux host with IP address 192.168.1.254 behind g0/1 with the gateway of the router 192.168.1.254. I am able to push 950Mbps through the router without any issues. So far so good.
Now I decide to create an ACL and apply this ACL on interface g0/0:
ip access-list extended External
 permit ip any any log
interface g0/0
 ip access-group External in
When I apply the ACL on the External interface, the throughput on the router goes from 950Mbps down to 160Mbps, an 80% drop in performance. Why?
Does anyone know how to improve this?