12-19-2012 07:10 AM - edited 03-03-2019 06:53 AM
Hello,
I'm currently facing a problem with my NAT configuration.
When I configure my router Cisco 18xx (see description below) computers behind the nat have a slow connection to internet.
But when I deactivate NAT translation the connection works fine.
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.0 192.168.0.10
ip dhcp excluded-address 192.168.0.190 192.168.0.255
ip dhcp excluded-address 192.168.1.0 192.168.1.10
ip dhcp excluded-address 192.168.1.190 192.168.1.255
!
ip dhcp pool StdBV
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 208.67.220.220 208.67.222.222
domain-name td5.truc.local
!
ip dhcp pool StdMDC1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 208.67.220.220 208.67.222.222
domain-name td5.truc.local
!
!
ip domain lookup source-interface Vlan10
ip domain name td5.truc.net
ip name-server 192.168.254.3
ip name-server 192.168.254.4
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1
bandwidth 128
ip address 10.200.0.138 255.255.255.248
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/0/1
switchport access vlan 11
!
interface FastEthernet0/0/2
switchport access vlan 12
!
interface FastEthernet0/0/3
!
interface Vlan1
no ip address
!
interface Vlan11
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan12
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.200.0.137
!
ip flow-top-talkers
top 10
sort-by bytes
!
no ip http server
no ip http secure-server
ip nat inside source list acl_NATInternet interface FastEthernet0/1 overload
!
ip access-list extended acl_NATInternet
permit tcp 192.168.0.0 0.0.0.255 any eq domain www 443
permit udp 192.168.0.0 0.0.0.255 any eq domain
permit tcp 192.168.0.0 0.0.0.255 any eq ftp-data
permit tcp 192.168.0.0 0.0.0.255 any eq ftp
permit tcp 192.168.1.0 0.0.0.255 any eq domain www 443
permit udp 192.168.1.0 0.0.0.255 any eq domain
permit tcp 192.168.1.0 0.0.0.255 any eq ftp-data
permit tcp 192.168.1.0 0.0.0.255 any eq ftp
EDIT >> In addition to that I've also set up a QOS on the FastEthernet 0/1. But this one is setted on more than 20 router and it's working like a charm on these.
Do not hesitate to ask for further information
Thank you
12-19-2012 10:30 AM
Approximately how many devices are being NAT'd here?
The 1800 series router is not generally going to be enough for anything more than 20 users.
By default when you enable NAT on the interface, Virtual Reassembly is enabled as well - which is demanding on hardware resources but is unfortunately kind of necessary.
12-19-2012 12:47 PM
I thought it might be du to insuficient hardware resources but in that case there is currently only one device behind the NAT. And I'm not planning more than 15 users for this site.
12-20-2012 03:25 AM
Hi,
if you disable Netflow on the interface, have you got the same slowliness ?
Regards.
Alain
Don't forget to rate helpful posts.
12-20-2012 08:18 AM
Thank you Alain for your answer,
I disabled Netflow but this doesn't seems to solve the problem.
Ive really no clue where the problem come from and how to diagnostic it.
In addition to that I also set up a QOS on the fastethernet 0/1 but didn't precised that in the router config above.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: