We have an MPLS network which is having some issues for customers using PAT. The case is: if I have a CE configured with a public IP address or static NAT, they have no problems navigating or doing anything on the Internet. But if I configure PAT, they simply cannot open some pages like hotmail, etc. In that case, if I adjust MTU or MSS they can navigate. Is there some solution to avoid this? Or does somebody know why it can be happening? As far as I know, the packet size doesn't change with PAT.
Hi Swaroop, thanks for your helpful answer. The NAT/PAT is being applied on customer CE WAN interface that means:
Unfortunately, some of my PEs don't support adjust MSS or MTU change (HUAWEI), that's the reason to apply it on every customer.
I asked this question because we realized that after setting a different MTU on the MPLS core, the customers began to work normally except the customers with PAT; in almost all cases it wasn't necessary to change MSS, only on PAT customers. I guess it's necessary to get this command on my PEs if I have no other choice.
Per my understanding, NAT/PAT do not intercept TCP; they just translate IP addresses. Routers would intercept TCP if you enable features such as tcp intercept, in which case they might be able to change the MSS values. Or would the routers do an ALG functionality in this case?
PAT will not work by IP translation. There has to be port translation as well!!
When I said "TCP intercept" I did not mean the TCP intercept command/feature available in Cisco which is used for security purposes to avoid DoS attacks.
You cannot set the MSS size using this feature at all.
When your routers translate ports they have to rewrite the TCP header and maintain state for the translation. Is it possible to copy the options flag received for MSS and translate to the rewritten header?
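Added example, not part of the thread and not any vendor's implementation: a Python sketch of the TCP header rewrite discussed in the last posts. It shows that translating the source port and recomputing the checksum carries the MSS option through as received, and that lowering it is a separate step (the hypothetical `mss_cap` parameter); all function names and the sample SYN are constructed for illustration.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_csum(src_ip: str, dst_ip: str, seg: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus segment."""
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
    return csum(pseudo + struct.pack("!BBH", 0, 6, len(seg)) + seg)

def find_mss(seg: bytes):
    """Return (value_offset, mss) for the MSS option (kind 2), else None."""
    end, i = (seg[12] >> 4) * 4, 20
    while i + 1 < end:
        kind, length = seg[i], seg[i + 1]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP is a single byte
            i += 1
            continue
        if length < 2 or i + length > end:  # malformed option, stop parsing
            break
        if kind == 2 and length == 4:
            return i + 2, struct.unpack_from("!H", seg, i + 2)[0]
        i += length
    return None

def pat_rewrite(seg, new_src_ip, dst_ip, new_sport, mss_cap=None):
    """Rewrite the source port (PAT); clamp MSS on SYNs only if mss_cap is set."""
    out = bytearray(seg)
    struct.pack_into("!H", out, 0, new_sport)
    hit = find_mss(out)
    if mss_cap and out[13] & 0x02 and hit and hit[1] > mss_cap:
        struct.pack_into("!H", out, hit[0], mss_cap)
    struct.pack_into("!H", out, 16, 0)      # zero checksum field before recomputing
    struct.pack_into("!H", out, 16, tcp_csum(new_src_ip, dst_ip, bytes(out)))
    return bytes(out)

def build_syn(sport, dport, mss):
    """Constructed sample SYN: MSS, NOP, NOP, SACK-permitted options."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 7 << 4, 0x02, 65535, 0, 0) + opts
```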