
NAT slow connectivity to internet

leopreis1
Level 1

Hello,

I'm currently facing a problem with my NAT configuration.

When I configure my Cisco 18xx router (see description below), computers behind the NAT have a slow connection to the internet.

But when I deactivate NAT translation the connection works fine.

    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.0.0 192.168.0.10
    ip dhcp excluded-address 192.168.0.190 192.168.0.255
    ip dhcp excluded-address 192.168.1.0 192.168.1.10
    ip dhcp excluded-address 192.168.1.190 192.168.1.255
    !
    ip dhcp pool StdBV
       network 192.168.0.0 255.255.255.0
       default-router 192.168.0.1
       dns-server 208.67.220.220 208.67.222.222
       domain-name td5.truc.local
    !
    ip dhcp pool StdMDC1
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
       dns-server 208.67.220.220 208.67.222.222
       domain-name td5.truc.local
    !
    !
    ip domain lookup source-interface Vlan10
    ip domain name td5.truc.net
    ip name-server 192.168.254.3
    ip name-server 192.168.254.4
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    interface FastEthernet0/0
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     bandwidth 128
     ip address 10.200.0.138 255.255.255.248
     ip nat outside
     ip virtual-reassembly
     ip route-cache flow
     duplex auto
     speed auto
    !
    interface FastEthernet0/0/1
     switchport access vlan 11
    !
    interface FastEthernet0/0/2
     switchport access vlan 12
    !
    interface FastEthernet0/0/3
    !
    interface Vlan1
     no ip address
    !
    interface Vlan11
     ip address 192.168.0.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    interface Vlan12
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 10.200.0.137
    !
    ip flow-top-talkers
     top 10
     sort-by bytes
    !
    no ip http server
    no ip http secure-server
    ip nat inside source list acl_NATInternet interface FastEthernet0/1 overload
    !
    ip access-list extended acl_NATInternet
     permit tcp 192.168.0.0 0.0.0.255 any eq domain www 443
     permit udp 192.168.0.0 0.0.0.255 any eq domain
     permit tcp 192.168.0.0 0.0.0.255 any eq ftp-data
     permit tcp 192.168.0.0 0.0.0.255 any eq ftp
     permit tcp 192.168.1.0 0.0.0.255 any eq domain www 443
     permit udp 192.168.1.0 0.0.0.255 any eq domain
     permit tcp 192.168.1.0 0.0.0.255 any eq ftp-data
     permit tcp 192.168.1.0 0.0.0.255 any eq ftp

EDIT >> In addition to that, I've also set up QoS on FastEthernet 0/1. But this one is set on more than 20 routers and it's working like a charm on these.


Do not hesitate to ask for further information

Thank you

4 Replies

Kyle McKay
Level 1

Approximately how many devices are being NAT'd here?

The 1800 series router is not generally going to be enough for anything more than 20 users.

By default when you enable NAT on the interface, Virtual Reassembly is enabled as well - which is demanding on hardware resources but is unfortunately kind of necessary.

I thought it might be due to insufficient hardware resources, but in that case there is currently only one device behind the NAT. And I'm not planning more than 15 users for this site.

Hi,

If you disable NetFlow on the interface, have you got the same slowness?

Regards.

Alain

Don't forget to rate helpful posts.


Thank you Alain for your answer,

I disabled NetFlow but this doesn't seem to solve the problem.

I've really no clue where the problem comes from and how to diagnose it.

In addition to that, I also set up QoS on FastEthernet 0/1 but didn't specify that in the router config above.
