I have a CCR-1036 with the DHCP server enabled. The CCR is offering DHCP IPs to customers in the range of 172.16.0.0/24. After successful authentication, the customer is allocated a Framed IP in the range of 10.20.0.0/24. Further, I’m doing 1:2 natting in the firewall, so IP addresses in the range of 10.20.0.0/24 will NAT with a public IP address. Again at the customer end, the customer is using natting in his broadband router.
In the above scenario, a few applications like FaceTime, online games, and IP cameras are not functioning.
Is it because double natting is happening and packets are getting dropped between the CCR and the customer router?
Just to make sure, you’re accepting established connections back in and through the firewall, correct?
If you are IPv4 address constrained you may consider deploying global unicast, public, IPv6 to your customer endpoints. You’ll find it very easy to get an allocation from your RIR. You are able to deploy IPv6 in multiple different ways. A common way is to simply overlay IPv6 on top of your IPv4 deployment. This would provide you with a NAT-lite implementation. In other words, public IPv6 and private IPv4. Alternatively you can go a bit more off the deep end and deploy only IPv6 to your customers and require them to use your NAT64 gateway and a DNS64 server in order to access the Internet. This would be an experience similar to the US cellular world. Almost all IPv4 on cellular is being heavily proxied or NAT’d whilst you get a public IPv6 address, although that IPv6 connection may still be proxied in the name of bandwidth savings.
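The NAT64/DNS64 option in the reply above depends on the RFC 6052 address mapping: the DNS64 server embeds an IPv4 address in an IPv6 prefix and the NAT64 gateway extracts it again. The following Python sketch of both directions is an added example, not part of the thread; the function names are hypothetical and the `2001:db8::` prefixes and `192.0.2.33` are documentation values used as constructed input.

```python
import ipaddress

WELL_KNOWN = "64:ff9b::/96"                 # RFC 6052 well-known prefix
VALID_LENGTHS = {32, 40, 48, 56, 64, 96}    # only these lengths are defined
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _prefix(prefix):
    net = ipaddress.ip_network(str(prefix))
    if net.version != 6 or net.prefixlen not in VALID_LENGTHS:
        raise ValueError("NAT64 prefix must be IPv6 /32,/40,/48,/56,/64 or /96")
    return net

def synthesize(v4, prefix=WELL_KNOWN):
    """DNS64 side: build the AAAA address for an IPv4 destination."""
    net = _prefix(prefix)
    addr4 = ipaddress.IPv4Address(v4)
    # The well-known prefix must not carry private space, e.g. the
    # 10.20.0.0/24 Framed-IP pool from the question.
    if str(net) == WELL_KNOWN and any(addr4 in n for n in RFC1918):
        raise ValueError("RFC 1918 address not allowed in 64:ff9b::/96")
    out = bytearray(net.network_address.packed[:net.prefixlen // 8])
    for b in addr4.packed:
        if len(out) == 8 and net.prefixlen != 96:
            out.append(0)                   # bits 64-71 ("u" octet) stay zero
        out.append(b)
    out += bytes(16 - len(out))             # zero suffix
    return ipaddress.IPv6Address(bytes(out))

def extract(v6, prefix=WELL_KNOWN):
    """NAT64 side: recover the IPv4 destination from the IPv6 address."""
    net = _prefix(prefix)
    addr6 = ipaddress.IPv6Address(v6)
    if addr6 not in net:
        raise ValueError("address is not inside the NAT64 prefix")
    raw, start = addr6.packed, net.prefixlen // 8
    body = raw[start:] if net.prefixlen == 96 else raw[start:8] + raw[9:]
    return ipaddress.IPv4Address(body[:4])

if __name__ == "__main__":
    for p in ("64:ff9b::/96", "2001:db8:100::/40", "2001:db8:122:344::/64"):
        v6 = synthesize("192.0.2.33", p)
        print(p, "->", v6, "->", extract(v6, p))
```
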