Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
711
Views
0
Helpful
4
Replies

Natting of subnet ip address exist over wan

r.kukreja
Level 1
Level 1

‎12-22-2011 09:04 PM - edited ‎03-11-2019 03:05 PM

I have branch office having subnet 172.26.48.0/22 one ip from this subnet say 172.26.48.100 assigned toa server . now our erequirement to access this

server from outside mean from internet . tis branch office is coonected throuth leased line to main office. now main office has firewall and loacl subnet

in which server are there and natted to access over internet . we try to make it possible we got ping response of outised also but latency get stuck that

firewall looking to be in hang mode latency around 900 ms if natting is done otherwise 250-300 ms. what can we do , any alternat approach suggested.

dig. attachement is there

Regards,

Rajat

Labels:
Preview file
123 KB
0 Helpful
4 Replies 4

ajay chauhan
Level 7
Level 7

‎12-22-2011 11:40 PM

Do you mean to say once nat is not there you get 250-300 ms from HQ to branch? If you firewall is oversubcribed then i would say it should add higher latency.

You should look for a trace from outside and also CPU/ Memory utalization of firewall to check where extra latancy is getting added.

Thanks

Ajay

0 Helpful

r.kukreja
Level 1
Level 1
In response to ajay chauhan

‎12-23-2011 12:18 AM

NO i mean we get normal response 250-300 ms HQ to outside link ping responsc of 4.2.2.2 . no branch included . if we nat branch ip mentioned above sudenly latency get high while pinging 4.2.2.2 so firewall does not behave normally in this case.

howwver if we remove natting command from firewall still we get latemcy after rebooting only it comes normal

second it is possible or practical to nat ip of branch office in headquarter firewall. it is suggested by cisco ?

please help

Regards,

Rajat

0 Helpful

ajay chauhan
Level 7
Level 7
In response to r.kukreja

‎12-23-2011 12:23 AM

What firewall is it ?and what kind of behaviour do you seee HIGH CPU ? any logs in firewall ? I dont think just adding one more nat rule shuld cause any problem to your internet connectivity.

yes thats all depend upon your network topology however no harm doing nat on HQ FW.

Thanks

Ajay

0 Helpful

r.kukreja
Level 1
Level 1
In response to ajay chauhan

‎12-23-2011 03:11 AM

my firewall mode 5510 version 7.0 iwill test once user are out and take logs and cpu processess output then post

Thanks for your kind support

Rajat

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card