Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Natting of subnet ip address exist over wan

I have branch office having subnet 172.26.48.0/22 one ip from this subnet say 172.26.48.100 assigned toa server . now our erequirement to access this

server from outside mean from internet . tis branch office is coonected throuth leased line to main office. now main office has firewall and loacl subnet

in which server are there and natted to access over internet . we try to make it possible we got ping response of outised also but latency get stuck that

firewall looking to be in hang mode latency around 900 ms if natting is done otherwise 250-300 ms. what can we do , any alternat approach suggested.

dig. attachement is there

Regards,

Rajat

  • Firewalling
4 REPLIES

Natting of subnet ip address exist over wan

Do you mean to say once nat is not there you get 250-300 ms from HQ to branch? If you firewall is oversubcribed then i would say it should add higher latency.

You should look for a trace from outside and also CPU/ Memory utalization of firewall to check where extra latancy is getting added.

Thanks

Ajay

New Member

Natting of subnet ip address exist over wan

NO i mean we get normal response 250-300 ms HQ to outside link ping responsc of 4.2.2.2 . no branch included . if we nat branch ip mentioned above sudenly latency get high while pinging 4.2.2.2 so firewall does not behave normally in this case.

howwver if we remove natting command from firewall still we get latemcy after rebooting only it comes normal

second it is possible or practical to nat ip of branch office in headquarter firewall. it is suggested by cisco ?

please help

Regards,

Rajat

Natting of subnet ip address exist over wan

What firewall is it ?and what kind of behaviour do you seee HIGH CPU ? any logs in firewall ? I dont think just adding one more nat rule shuld cause any problem to your internet connectivity.

yes thats all depend upon your network topology however no harm doing nat on HQ FW.

Thanks

Ajay

New Member

Natting of subnet ip address exist over wan

my firewall mode 5510 version 7.0 iwill test once user are out and take logs and cpu processess output then post

Thanks for your kind support

Rajat

571
Views
0
Helpful
4
Replies