[c-nsp] Cisco PXF

Palis Michael security at cytanet.com.cy
Tue Feb 7 01:03:02 EST 2006

I think it is a feature that it is not supported in hardware since I tried
various IOS releases on the C7304 and also on C7401. The thing is that we
are doing a lot of NATing (around 5000 Nat  translations)  on this boxes
(Termination of ADSL Users and then NAT) and disabling PXF kills the

-----Original Message-----
From: Rodney Dunn [mailto:rodunn at cisco.com] 
Sent: Monday, February 06, 2006 9:02 PM
To: Palis Michael
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco PXF

It's a bug. Open a TAC case if you have a contract.

We may not support that portion of NAT in the hardware
forwarding path but on those platforms at least there
is a punt path and that should be taken. The performance
will be pretty horrible but at least the packets would go through.

That's not always the case on some other hardware forwarding platforms
that are "all features in hardware or it doesn't work at all" scenario.

It's been said a lot of times on this alias. If the features you want
are not done in hardware and you are on a platform that has hardware
based forwarding most of the time it's probably the wrong platform
for you. That is unless the rates are really really low and you understand
the impact.


On Mon, Feb 06, 2006 at 03:59:26PM +0200, Palis Michael wrote:
>  We are running a couple of C7304 and C7400 and we have problems with NAT
> Traversal and PXF. Enabling PXF, VPN clients using NAT Traversal do not
> work. Disabling PXF everything is OK. Note that we are Natting on the
> and C7400..
> Can you please advice?
> -- 
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 267.15.2/251 - Release Date: 4/2/2006
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list