Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1120
Views
5
Helpful
8
Replies

NAT problems

DVRK
Level 1
Level 1

ā€Ž08-05-2022 01:05 AM

I'm looking at about 30 branch offices connecting to one HQ through VPN(using pat). The internet becomes very slow quickly and upon checking NAT the translations are getting to 131062 fast and capping there. What might be the problem?
0 Helpful
8 Replies 8

MHM Cisco World
VIP
VIP

ā€Ž08-05-2022 04:33 AM

30 Site connect to HQ via VPN and you dont use Direct Internet Access that sure make HQ slow, 
all site when need to connect to Internet it send traffic to HQ. that bad idea.
I think the VPN is route-based, so you need to config Direct Internet Access in Branch Site (if they have FW or Zone FW) in Site edge.

0 Helpful

DVRK
Level 1
Level 1
In response to MHM Cisco World

ā€Ž08-08-2022 07:42 AM

Thank you for the response. All  the branches have to connect through the HQ for internet.

Marius Gunnerud
VIP
VIP

ā€Ž08-05-2022 05:05 AM

I am assuming you are tunneling all traffic through the HQ.  So, what device is the VPN being terminated on at the HQ and is this also the internet gateway?  How fast is your internet connection at the HQ office, and at the branch sites?

If you have not scaled your hardware and internet connection to accommodate for this amount of traffic then the connection will be slow.

If you have scaled your hardware and internet connection properly, then there might be a few users that are either streaming videos or downloading off the internet. 

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

DVRK
Level 1
Level 1
In response to Marius Gunnerud

ā€Ž08-08-2022 07:48 AM

Yes all traffic is channeled through HQ and the device is Cisco router 4321. I guess the hardware have to be scaled to handle the traffic.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to DVRK

ā€Ž08-08-2022 11:00 AM

Do you have the HSEC license for you 4321 router?  Without the HSEC license you will be limited to 85 Mbps VPN traffic.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

IP_Cartel
Level 1
Level 1

ā€Ž08-08-2022 11:07 AM

bro, 30 branch sites I would say it is time to design SD-WAN.  You can use inexpensive WAN links for SD-WAN and have smarter redundancy.  

0 Helpful

Marius Gunnerud
VIP
VIP
In response to IP_Cartel

ā€Ž08-08-2022 12:39 PM

Ideally a new design would be the solution, but this would also mean a whole different price tag.  The HSEC license would better the situation as of right now, but for the long run a new design would be best.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

alirafaleiro
Level 1
Level 1

ā€Ž08-08-2022 10:37 PM - edited ā€Ž09-08-2022 02:17 AM

Network Address Translation (NAT) therefore was introduced to overcome these addressing problems that occurred with the rapid expansion of the Internet.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card