I have double NAT running and working great, here is pretty much my running config from my Router 2821 and ASA 5505. My setup. ISP ----> 2821 -----> ASA5505 ------> FTP Server CISCO ROUTER 2821; Gi0/0 (ISP) Gi0/1 (10.10.10.1) interface GigabitEthernet0/1 description LAN-Internal ip address 10.10.10.1 255.255.255.0 ip nat inside ip virtual-reassembly in duplex full speed 100 ip nat inside source static tcp 192.168.1.6 21 interface GigabitEthernet0/0 21 S 192.168.1.0/24 [1/0] via 10.10.10.5 CiSCO ASA 5505 (routed mode) (eth0/0) 10.10.10.5 (eth0/1) 192.168.1.1 (eth0/1) interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 (eth0/0) interface Vlan11 description OutsideConnection nameif outside security-level 0 ip address 10.10.10.5 255.255.255.0 object network FTPSERVER host 192.168.1.6 access-list outside_access_in extended permit tcp any object FTPSERVER eq ftp log debugging object network FTP nat (inside,outside) static FTPSERVER service tcp ftp ftp CISCO 2960 Layer 2 only with several Vlans FTP SERVER
... View more
Although there is still a lot of delay and timeouted websites, I did notice at times the websites practically stop loading. That's when I checked the log and did see the 'overflow' message that you mentioned Andras. I raised the limit to 64 from the default 16 and it did help slightly. I did a lot of research on this and there does not appear to be a solution, not one I could find. It does seem that the 15.x IOS is very buggy and this bug is reported by several users. Hope Cisco is working on a fix in the next release.
... View more