We have an issue with our infrastructure as far as external network security. Our initial configuration was a PIX 515E as our endpoint with NAT configured on it. Behind the PIX was an ISA server with NAT, caching, and proxying. That configuration worked fine for us for over one year. We recently added a load balancing device for Internet (a cable modem and a T1 line). This device added another NATing on our network. So that makes three devices NATing one after the other. When connected, Internet access was very slow. The load balancing device is properly configured (as per the vendor). Could this be an issue of NATing too many times? Any ideas? Thanks in advance!
Thanks for the post. Well, it's a little complicated. The load balancing device must do NAT to perform its functions. The PIX doesn't have to. The ISA server must NAT because of some of the functions we have it performing that neither of the other devices could handle.
NATing 3 times does/should not matter. But it would be preferable to try not to do it, since every device has to perform translation/untranslation on the same packet, which could add to latency (but again, it should affect drastically). You need to try to go through the process of elimination. My guess is that the load balancing is not functioning as it is.
Thanks for your post. I understand what you're saying. I really do not think that there is anything wrong with the load balancing device. I say this because when I plug a laptop into the LAN port on it, everything works fine. If I move the link over to my production network (which then puts the PIX and the ISA in the loop), everything slows to a crawl. Any thoughts?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...