Double-NAT is especially bad when you are using 2-way connectionless protocols like IPSEC, GRE, UDP etc. Most applications use TCP and, as a result, don't have a problem with it. I regularly see double-NAT situations these days, as many ISPs distribute their modems in routed mode. Many cable modems aren't configurable by the end user, so to have it "bridged" you have to call in to the ISP and have them do it.<div>
<br></div><div>One real-life example of issues with double NAT is -- as I mentioned above -- IPSEC. In deploying IPSEC VPN routers for remote employees, I've found that double-NAT causes problems with the ISAKMP key re-negotiation process, which ends up making the routers need restarted to re-establish after a key change (every six hours, for example). This results in a need to power cycle equipment every 6hrs.</div>
<div><br></div><div>A lot of software these days take advantage of SSDP support in routers to open up ports. This will happen for the router closest to the application, but not the one that is actually out in front. When forced to use 2 NATs I usually end up putting the second router in the "DMZ" of the one out "in front."<br>
<br><div class="gmail_quote">On Sun, Aug 7, 2011 at 1:04 PM, Vince Herried <span dir="ltr"><<a href="mailto:vince@planetvince.info">vince@planetvince.info</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<b>I"m not a networking expert.</b><br><br>Every now and then I get consulted about a home network and lately it seems that there are two routers involved.<br>In the latest example a person has a cable modem ( Motorola SB5100 ) / router connected to a vonage box<br>
then connected to another router. She wants to dump her router and buy one with more ports. At present<br>no WIFI is involved. I suggested a switch or even a hub rather than another router.<br>I sent them following image.<br>
<br><a href="https://docs.google.com/drawings/d/1mw66Z8FzkwC8O8AGVmRmRBJ3mpUt_uqqoBhE7yyliBQ/edit" target="_blank">https://docs.google.com/drawings/d/1mw66Z8FzkwC8O8AGVmRmRBJ3mpUt_uqqoBhE7yyliBQ/edit</a><br><br>Modem -> Vonage -> Router ( assuming connected to WAN port) -> devices....<br>
<br><br>So what is going on here, I have always thought that having two routers in series was bad!<br>The manual for the SB5100 shows a simple graphic showing the output plugged into a switch or hub with up to 32 devices so<br>
obviously it is a router ( with a single RJ45 output ). Apparently there is no web interface to this SB5100.<br><br clear="all"><br>What kind of real life issues are there when you have two NATs going on at the same time.<br>
Obviously it can't be as bad as I thought, because it has been running that way for years.<br><br><br>BTW: My system topology is modem/router -> LAN port of a WIFI router ( DHCP disabled ) -> switch ( I ran out of ports )<br>
<br>approximately like this graphic.<br><a href="https://docs.google.com/drawings/d/1--ib9LAZ-yvVw8BXlv2tHhp8COXM5aE5dwC-mPoUskU/edit?authkey=CKOCot4D&hl=en_US" target="_blank">https://docs.google.com/drawings/d/1--ib9LAZ-yvVw8BXlv2tHhp8COXM5aE5dwC-mPoUskU/edit?authkey=CKOCot4D&hl=en_US</a><br>
<br>Do manufacturers continue to make modem/routers with a single port which seems to encourage this misuse?<br>We can't expect the home user to, gasp, read the owners manual can we.<br><br><br>Any one have any real life explanations of problems caused by two NATS?<br>
<br>---- <br>I just ordered a new fancy WIFI box with a bunch of goodies ( router of course, bit torrent, uPnP, FTP, ... )<br>I guess I'm just going to have to bite the bullet and see what I can break by<br>miss configuring it. ( router -> another router -> devices )<br>
<br>If I'm all wet, let the flames arise.<br><font color="#888888"><br>-- <br>Vince Herried<br><a href="mailto:Vince@planetvince.info" target="_blank">Vince@planetvince.info</a><br><br>
</font><br>_______________________________________________<br>
colug-432 mailing list<br>
<a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br>
<a href="http://lists.colug.net/mailman/listinfo/colug-432" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
<br></blockquote></div><br></div>