I have a doubt about the scenario below.
gig0/0          gig0/1      eth0/0.4          eth0/1        eth0/0          eth0/1      fa0/47
Internet router ----------> ASA Context (Virtual) Firewall ----------> ASA 5510 Firewall ----------> Core switch
1xx.2xx.3xx.4   10.0.10.1   10.0.10.2/30      10.0.10.5/30  10.0.10.6/30                192.168.10.4
I need to access the internet from the core switch. I have another virtual firewall connected to another network.
I need to limit the other network's traffic into here through the physical (ASA 5510) firewall.
So I need to configure NATing in three places: the Internet router, the context firewall, and the ASA 5510 (v8.3).
If I do NATing on all devices, it may affect the bandwidth of the network (bottleneck).
Is there any other way to resolve it?
Please suggest.
If you NAT, the NAT process takes up system resources.
Honestly, I don't see the need for NATing more than once (perhaps twice for overlapping), but why three times?
Thanks for your reply.
In the internet router, I will NAT the 10.0.10.0 range to a public IP to rate-limit the bandwidth for this network.
In the virtual firewall and the physical firewall, I will NAT the inside and outside interfaces.
Is it possible to reduce the NATing in this scenario?
Please send any other suggestions for the same.
Mike here. Well, if you are talking about doing self-translations (NAT to themselves) until they get to the router, it is not going to cause latency issues.
However, it is very important to mention that if you have applications behind the core switch that need internet access and are also sensitive to TCP sequence numbers, you may want to disable the randomization of TCP sequence numbers on one of the ASAs.
For the rest, I don't see a problem.
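As an added example that is not part of the thread (neither the original poster's nor Mike's configuration), this is what the "self-translation" identity NAT and the TCP sequence-number randomization exception look like on an ASA running 8.3. The interface names inside/outside, the object and ACL names, the 192.168.10.0/24 network behind the core switch and the host 192.168.10.50 are assumptions; replace them with the real names and addresses.

```cisco
! Added example, not from the thread. Assumed: interfaces named "inside"
! and "outside", object/ACL names below, 192.168.10.0/24 behind the core
! switch, and 192.168.10.50 as a sequence-sensitive application host.
!
! Identity ("self") NAT with 8.3 twice-NAT syntax: each network is
! translated to itself, so the ASA builds xlate entries but rewrites no
! addresses. The only real translation then happens at the Internet router.
object network TRANSIT-NET
 subnet 10.0.10.0 255.255.255.0
object network INSIDE-NET
 subnet 192.168.10.0 255.255.255.0
nat (inside,outside) source static INSIDE-NET INSIDE-NET
nat (inside,outside) source static TRANSIT-NET TRANSIT-NET
!
! Disable TCP ISN randomization only for the hosts that need it, via a
! class in the default global policy. Everything else keeps randomization.
access-list NO_RANDOM extended permit tcp host 192.168.10.50 any
class-map TCP-NO-RANDOM
 match access-list NO_RANDOM
policy-map global_policy
 class TCP-NO-RANDOM
  set connection random-sequence-number disable
! global_policy is normally already applied globally; if it is not:
service-policy global_policy global
```

Verify the identity rules with `show nat` (the hit counters should rise for the two static entries) and the exception with `show service-policy`. Each ASA randomizes the initial sequence number independently, so put the exception on the ASA that sits between the sensitive hosts and their peer; if the other ASA in the chain still randomizes, the peer will still see a rewritten ISN.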