PIX static + dns related questions

Discussion in 'Cisco' started by mcaissie, Mar 1, 2005.

  1. mcaissie

    mcaissie Guest

    Hi all ,

    First, is there a limit on the number of translations a PIX 520 can have
    at the same time?
    We have VPNs with remote sites, and we want to modify the configs to use
    2-way NAT on both inside IPs to avoid future address overlapping.

    Both NAT rules would be applied on the central PIX 520 to minimize
    configuration at the remote sites. This means that 2 translations per
    connection would be established in the PIX. For now we have around 1000
    simultaneous connections; this would lead to 2000 simultaneous
    translations. We can expect simultaneous connections to rise to 5000 in
    the near future, meaning 10 000 simultaneous translations. Could this be
    a bottleneck, or is it no big deal for a 520 (unrestricted)?


    Also, we plan to use the DNS doctoring feature of the PIX both ways.
    Tested in lab, works great. My concern is: is this feature mature and
    robust enough for the whole WAN name resolution to rely on?

    thanks
    mcaissie, Mar 1, 2005
    #1

  2. mcaissie

    Brian Guest

    Assuming that you're using PAT (all addresses translated to a port
    number on a single IP address) then the number of possible translations
    is somewhere in the 64,000 range, so you should be fine. Each
    translation takes about 8 bytes of memory if I recall correctly, so
    that shouldn't be a problem on a 520.

    Someone else will have to answer the DNS doctoring question.
    Brian, Mar 1, 2005
    #2

  3. mcaissie

    mcaissie Guest

    "Brian" <> wrote in message
    news:...
    > Assuming that you're using PAT (all addresses translated to a port
    > number on a single IP address) then the number of possible translations
    > is somewhere in the 64,000 range, so you should be fine. Each
    > translation takes about 8 bytes of memory if I recall correctly, so
    > that shouldn't be a problem on a 520.


    In fact, I will have a static statement per subnet to translate, so there
    will be no PAT.
    But it's a good indication that if the PIX can support over 64000 PAT it
    should not have too much problem handling 10 000 NAT.


    >
    > Someone else will have to answer the DNS doctoring question.
    >
    mcaissie, Mar 1, 2005
    #3