[c-nsp] NAT/PAT appliance recommendations

Ge Moua moua0100 at umn.edu
Thu Nov 5 12:43:03 EST 2009 

coincidently, we just did this for our wifi clients too; using an 
asa5550 to do the nat; works pretty decent; the asa evolved from the pix 
which was in its early days a nat appliance:

right now the box is doing ~39,000 nat translations and the cpu is just 
running luke-warm.



Border-FW-01/UofM-NAT# sh conn count
38295 in use, 117008 most used
Border-FW-01/UofM-NAT#

Border-FW-01/UofM-NAT# sh xlate count
38957 in use, 51352 most used

CPU utilization for 5 seconds = 18.9%; 1 minute: 19.4%; 5 minutes: 19.4%
Border-FW-01/UofM-NAT#



Border-FW-01/UofM-NAT# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(1) <context>
Device Manager Version 6.1(3)

Compiled on Tue 05-May-09 22:45 by builders

Border-FW-01 up 84 days 22 hours
failover cluster up 103 days 19 hours

Hardware:   ASA5550

Licensed features for this user context:
Failover                     : Active/Active
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
GTP/GPRS                     : Disabled 
Botnet Traffic Filter        : Disabled 

Configuration last modified by moua0100 at 15:44:50.126 CDT Wed Sep 23 2009




Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services



Johnson, Neil M wrote:
> I'm looking for recommendations for a device to NAT/PAT so that we can move our wireless network to private IP address space.
>
> We have approximately 1500 wireless clients on one wireless network and about 500 clients on the other (our campus is separated by a river).
>
> One wireless network has six wireless controllers each four 1 Gb/s connections, the other has five wireless controllers. Those interfaces are nowhere near saturated, but we will be adding  another 900 AP's to the network and moving to 802.11N.
>
> All traffic from the wireless clients will be NAT'ed.
>
> Thanks.
> -Neil
>
> --
> Neil Johnson
> Network Engineer
> Information Technology Services
> The University of Iowa
> Work: 319 384-0938
> Mobile: 319 540-2081
> Fax: 319 355-2618
> E-mail: neil-johnson at uiowa.edu
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list