Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
4
Helpful
4
Replies

NATing too many times?

bevans
Level 1
Level 1

‎10-27-2003 08:34 AM - edited ‎03-09-2019 05:17 AM

We have an issue with our infrastructure as far as external network security. Our initial configuration was a PIX 515E as our endpoint with NAT configured on it. Behind the PIX was an ISA server with NAT, caching, and proxying. That configuration worked fine for us for over one year. We recently added a load balancing device for Internet (a cable modem and a T1 line). This device added another NATing on our network. So that makes three devices NATing one after the other. When connected Internet access was very slow. The load balancing device is properly configured (as per the vendor). Could this be an issue of NATing too many times? Any ideas? Thanks in advance!

Bill E.

Labels:
0 Helpful
4 Replies 4

jmia
Level 7
Level 7

‎10-27-2003 08:41 AM

Bill,

Hi, I don't understand why you need to NAT three times why not just allow you PIX to handle the NAT for you! This may well be your problem at the moment.

Thanks -

bevans
Level 1
Level 1
In response to jmia

‎10-27-2003 08:44 AM

jmia,

Thanks for the post. Well, its a little complicated. The load balancing device must do NAT to perform is functions. The PIX doesnt have to. The ISA server must NAT because of some of the functions we have it performing that neither of the other devices could handle.

Bill E.

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to bevans

‎10-27-2003 04:37 PM

Hi,

NATing 3 times does/should not matter. But it would be preferable to try not to do it, since every device has to perform translation/untranslation on the same packet, which could add to latency (but again, it should effect drastically). You need to try to go through the process of eliminataion. My guess is that the load balancing is not functioning as it is.

Thanks

Nadeem

bevans
Level 1
Level 1
In response to nkhawaja

‎10-28-2003 05:16 AM

nkhawaja,

Thanks for you post. I understand what your saying. I really do not think that there is anything wrong with the load balancing device. I say this because when I plug a laptop the LAN port on it everything works fine. If I move the link over to my production network (which then puts the PIX and the ISA in the loop) everything slows to a crawl. Any thoughts?

0 Helpful
Customers Also Viewed These Support Documents