We had a DMZ server that customers used to get to their information. This server was the front end to get to the host that holds the customer information.
The server was in a DMZ, the path from Server to host was:
through DMZ switch, through firewall to 6509 switch to the host.
We never had a problem with this; the server application was old but worked great.
We have since moved to having someone host the front end. The front end connects via Internet to their third party router, to the same DMZ switch through same firewall, to same 6509 to host. The third party router is configured with VPN tunnel to remote end. Connection comes through Internet to their router and is NATed then goes to DMZ, to host.
We have had nothing but trouble with this connection. Customers are complaining because the connections time out so much. We see a lot of TCP resets on the host to the Router NAT IP address (which is the DMZ side interface). The resets usually show "Invalid Query Header Length". The current connection is capped at 1Mbps, with average response times of 50ms (spikes to 200).
They keep telling us that something is wrong with the host, but I have to believe the latency is causing us problems. I can see that bandwidth seems to be enough as I do not see the interfaces utilizing that much, averages about 300K.
I was wondering could the IOS NAT be contributing to the problem as well?