PIX static + dns related questions

 
 
mcaissie
03-01-2005
Hi all,

First, is there a limit on the number of translations a PIX 520 can have at the same time? We have VPNs with remote sites, and we want to modify the configs to use 2-way NAT on both inside IPs to avoid future address overlapping.

Both NAT rules would be applied on the central PIX 520 to minimize configuration at the remote sites. This means that 2 translations per connection would be established in the PIX. For now we have around 1000 simultaneous connections; this would lead to 2000 simultaneous translations. We can expect simultaneous connections to rise to 5000 in the near future, meaning 10 000 simultaneous translations. Could this be a bottleneck, or is it no big deal for a 520 (unrestricted)?

Also, we plan to use the DNS doctoring feature of the PIX both ways. Tested in lab, works great. My concern is: is this feature mature and robust enough for the whole WAN's name resolution to rely on?

Thanks


 
Brian
03-01-2005
Assuming that you're using PAT (all addresses translated to a port number on a single IP address) then the number of possible translations is somewhere in the 64,000 range, so you should be fine. Each translation takes about 8 bytes of memory if I recall correctly, so that shouldn't be a problem on a 520.

Someone else will have to answer the DNS doctoring question.

 
mcaissie
03-01-2005

"Brian" wrote in message:
> Assuming that you're using PAT (all addresses translated to a port
> number on a single IP address) then the number of possible translations
> is somewhere in the 64,000 range, so you should be fine. Each
> translation takes about 8 bytes of memory if I recall correctly, so
> that shouldn't be a problem on a 520.


In fact, I will have a static statement per subnet to translate, so there will be no PAT. But it's a good indication that if the PIX can support over 64000 PAT it should not have too much of a problem handling 10 000 NAT.


> Someone else will have to answer the DNS doctoring question.



 