Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

http traffic

Hi all,

I am facing a typical issue.

I have two router router x and router y.connected to one firewall.

For particular  vlan  i have diverted the traffic from firewall to a diffrent router(with a dedicated link for vlan).

Just asuume gmail ,hotmail etc all traffic flows fromfireall is diverted router x.

And for one http trraafic (http application given by client flows through router y from firewall)

Link is of 2 Mbps for 10 users.

The problem is  the user who connects first connects to that aplication via http traffic has no problem.

But when other two to thrre users connects to that application via hhtp traffic than all the users starts facing problem including the first user.

The recomended bandwidth for 10 users is 1mbps. But we have dedicated 2 Mbps bandwidth for that traffic.

Note- client have provided some public ip for that hhtp traffic.

And for that public ip we have given diffrent route from firewall. 

  • Firewalling
Everyone's tags (2)
7 REPLIES
New Member

http traffic

Dear Prashant ,

                 kindly let me for following things ,

1) Is this same vlan need to access open internet & http application

2) Are you familar with application server IP address ??

3) Are you doing PATing or Static NATing for your LAN segment

4) Does your firewall has been defined with specfic route pointing to your application server to use your 2Mbps circuit .

your firewall should have static routing with application server subnet to use your 2Mbps circuit .

Let me know on this

HTH

Thks

Santhosh Sarav

HTH Regards Santhosh Saravanan
New Member

http traffic

HI ,

Thanks for your response.

As i already mentioned with one user evertthing work fine for 20 to 25 vminutes and than suddenly gets hanged.

When i captured the packect i found some duplicate packet along with retransmission of packet.

It is related anyrhing to MTU Or mss settings.

Bandwidth is never the issue,

New Member

Re: http traffic

Dear Prashant ,

              My insight over here is suspecting something on your NATing ,if you have done Static Nating or dynamic nating  this will allow only one user session , if you have only 1 public IP address in  your global pool for your internal network transalation to external world .

      Try to configure PATing , if you have already configured PATing check for port utilisation , if it exceeds 64000 then u ll have problem , for our scenarion we have only 10 user so there should not be any problem for PATing .

Similalry check at client side http application server , does it allow multiple user session from a single public routable IP address , if it has got restriction to 1 then u need to have multiple induidual routable IP address for each user  or Customer owned IP Private IP address for this resolution . 

Dynamic NAT has these disadvantages:

If the mapped pool has fewer addresses than the real group, you could run out of addresses if the amount of traffic is more than expected.

Use PAT if this event occurs often because PAT provides over 64,000 translations using ports of a single address.

You have to use a large number of routable addresses in the mapped pool; if the destination network requires registered addresses, such as the Internet, you might encounter a shortage of usable addresses.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_dynamic.html#wp1078484

HTH

Thks

Santhosh Sarav

HTH Regards Santhosh Saravanan
New Member

http traffic

Hi santosh,

Today one  activity was carried out by me .

With same dynamic nat policy it worked well for 10 users.The onething change was i bypassed the firewall in between of that.

But with same firewall it works well for one user.

On firewall I have an access-list permit ip any any.I donot know what exactly the problem is on firewall.

There is no ips module on it also.

New Member

http traffic

Dear Prashant ,

          where you are performing your dynamic nating in same firewall or in some other device ??

1) My insight is on your firewall config , as you said already your firewall is servcing for internet with global PATing . so over here your firewall is performing same PATing for your Application HTTP server .

2) To Avoid usage of  global PATing , uses access-list based dynamic NATing on your firewall .

If possible post your firewall system configuration it will be greatful for the resolution . This only configuration error ..

HTH

Thks

Santhosh Sarav

HTH Regards Santhosh Saravanan
New Member

http traffic

Hi

I have directed the traffic from firewall and natted on router.

New Member

http traffic

Dear Prashant ,

                      Could you please share your firewall configuration . Does your firewall is running PATing for general internet access  ??? .

HTH Regards Santhosh Saravanan
636
Views
0
Helpful
7
Replies