[c-nsp] NAT on ACE

[Arie Vayner]

Pavel,

ACE can do this, but you need to take a look also at other performance
metrics such as maximal session number (which could be very different for
the same BW rate for different session profiles).
Also, you need to make sure that more advanced features you may need are
available and are scalable enough (like static mappings etc).
You should also think about features like NetFlow and routing

It could be a good idea to actually split the NAT functionality of the
enterprise and the data center as their level of redundancy, features and
traffic profiles are quite different.

Arie

On Mon, Apr 13, 2009 at 3:27 PM, Pavel Lunin <plunin at gmail.com> wrote:

> Hi experts,
>
> Who thinks what about an idea of using Cisco ACE module for 6500/7600 as a
> NAT device for a huge enterprise network?
>
> I am looking for a device which would be capable to NAT traffic for a
> network of several thousand desktops + an enterprise-scale data center: up
> to 5 Gbps of traffic totally. Local sales say it is a nice idea to use ACE.
> The price is also very attractive in compare with any classic stateful
> firewall solution. But I myself have absolutely no experience with ACE and
> am also afraid nothing goes free. At least in Cisco world :)
>
> Skimming through Cisco's datasheets it seems like ACE is rather a kind of
> load balancer, SSL accelerator, L7 proxy, etc. This functions are usually
> done in software. However ACE's NAT capabilities, announced by the vendor,
> should require lots of expensive hardware, just as any firewall does.
>
> So where is the trick? Does anyone have real life experience with NAT on
> ACE module? Should we go there? Let's assume we don't need any other
> firewall features, only NAT.
>
> Thank you.
>
> --
> Kind regards,
> Pavel
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>