I installed a 3002 hardware client at a customer site and the address on the public interface gets NATted/PATted at their firewall (they say they can't give me a one-to-one translation for some reason). The systems behind the 3002 work and can get to the servers behind a 3020, but performance seems sluggish and inconsistent. Is it OK to have a PATted address on the public interface? I'm wondering if that's what's causing the performance issues. If it is OK, are there any configuration parameters I need to be aware of with this setup? Thanks in advance.
Hi and thanks for your reply, I appreciate it. It's not the non-routable address part I was concerned about, but the fact that the address is PATted and the public address is shared with many other systems. Since I wrote that post I was able to make some adjustments to the config on both the 3002 and 3020 which helped considerably.
The 3002 was at a different site for a while where it worked fine in network extension mode, and was configured to connect via TCP port 443 for reasons I won't bore you with. It didn't work well at all at the new site, and I'm guessing it's because you can't do that with a PATted address because you need UDP in that scenario.
One thing I'm not sure about is if I should have PAT enabled on the 3002 under Traffic Management. My understanding is that if it isn't enabled then the unit is in network extension mode, and I don't know if that's OK with a PAT address. However, when I configure the PAT option it doesn't work any more and all connectivity is lost, but I could be doing something wrong. In any case it seems OK as it is, but perhaps it could be more efficient.
I will probably try adjusting the MTU as you mentioned to see if it helps, thanks for the suggestion.