Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
253
Views
0
Helpful
1
Replies

NAT on 2 sub-interfaces on the same physical interface

m.peran
Level 1
Level 1

‎04-03-2003 12:24 AM - edited ‎03-09-2019 02:45 AM

Hello,

I have a 1720 with an IPSEC IOS and only 1 fastethernet interface

I need to configure a VPN access.

I purpose to active NAT on 2 sub-interfaces on the same physical interface (ip nat inside / ip nat outside).

This design is it possible ?

This design decrease the performances or the security of this acces ?

Regards,

Michel.

Labels:
0 Helpful
1 Reply 1

mhussein
Level 4
Level 4

‎04-03-2003 07:47 AM

If you have a vlan-capable switch (e.g 2900XL, 3500XL) you can implement a "router-on-a-stick" design.

The idea is to setup sub-interfaces on the router with ISL or dot1q encapsulation on the router, and setup a trunk port on the switch.

As far as performance, the bottleneck would be the router's encryption throughput (I think it is less than 6Mbps for low end routers).

Security wise, you better off using ISL encapsulation on sub-interfaces.

HTH,

Mustafa

0 Helpful
Customers Also Viewed These Support Documents