05-27-2013 09:41 AM - edited 03-04-2019 08:01 PM
2801 Software (C2801-ADVENTERPRISEK9-M), Version 15.1(4)M6
I recently upgraded from a DHCP WAN IP to a block of static public IPs and found an issue with hairpin. I looked around and found that I could use the NVI (nat interface) to get around this issue. I switched everything over and now I am getting less then half the speed as before. (15mbps vs 35-40mbps). To summarize when using nat inside/outside I get good speed but cant hairpin, but when using nat enable (NVI) I can hairpin but get bad speeds.
Find below everything explained out in more detail-
Here is my original config
----------------------
int fa0/0
ip address x.x.x.2
ip nat outside
int fa0/1
ip address y.y.y.2
ip nat inside
ip nat inside source list 1 interface FastEthernet0/0 overload
--------------------------
Everything was/is working just fine like this, but I wanted to map some of the static IPs back to two hosts so I added-
---------------------------
ip nat inside source static y.y.y.3 x.x.x.3
ip nat inside source static y.y.y.4 x.x.x.4
----------------------------
This was working with the mapping , I attempted to do some hairpin (connect to x.x.x3 from y.y.y.4) and found that it would not work. After some research I found that Cisco added the NVI in a release awhile back and I switch over to that. See the new config-
---------------------------
int fa0/0
ip address x.x.x.2
ip nat enable
int fa0/1
ip address y.y.y.2
ip nat enable
ip nat source list 1 interface fa0/0 overload
ip nat source static y.y.y.3 x.x.x.3
ip nat source static y.y.y4 x.x.x.4
------------------------
Everything like this works but now I get less then half the speed I did before. I am at a loss as to what would cause this.
Solved! Go to Solution.
05-27-2013 12:59 PM
Performances with the traditional configuration were already very high for such an old and slow router, compare to attached document.
Then with the more complex NVI configuration they are still reasonable.
If you need better, either find a way to go back to regular NAT, or you will need to update to a newer / faster machine.
05-27-2013 12:59 PM
Performances with the traditional configuration were already very high for such an old and slow router, compare to attached document.
Then with the more complex NVI configuration they are still reasonable.
If you need better, either find a way to go back to regular NAT, or you will need to update to a newer / faster machine.
05-27-2013 02:19 PM
Thanks for the info. I have switched back to the traditional NAT for now as I have another solution in place for the moment. I know the 2801 is kind of old but I wasn't expecting such difference with when using the newer NAT feature. I suppose i will have to look into a 2901 as possible upgrade.
03-04-2014 09:29 AM
I ran into the same issue you were having Robert. After switching to NVI I went from 55 Mbps to 15 Mbps on my 2821. I eventually switched back to traditional and just dealt with hairpinning.
You said you have another solution in place, what would that be?
03-06-2014 06:45 AM
What I used as a work around was to put a WAN switch in place. It allowed me to place one host behind the 2800 and the other behind an ASA I had lying around.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide