topic PAT with Pool in Network Security

PAT with Pool

Mohamed Shafeer Kunhu — Tue, 12 Mar 2019 01:36:41 GMT

Hi,

We are having an ASA running on 8.2

We are planning for natting three /16 subnets with one /24 public IP pool.

global (outside) 10 88.88.88.1 - 88.88.88.254

nat (inside) 10 172.16.0.0 255.255.0.0

nat (inside) 10 172.17.0.0 255.255.0.0

nat (inside) 10 172.18.0.0 255.255.0.0

so when the traffic comes from inside the first nat will happen with public IP 88.88.88.1

we need to know how and when the natting will happen with next public IP.

Can we control the threshold ?

Thanks,

Mohamed Shafeer

PAT with Pool

cadet alain — Tue, 30 Apr 2013 09:58:21 GMT

Hi,

depending on the code version it will not necessarily take the second IP in the pool.

when another host needs to be natted then it will take another IP and the translations timeout after 3 hours by default if I'm not mistaken but you can modify this with the timeout xlate command.

Regards

Alain

Don't forget to rate helpful posts.

PAT with Pool

Ajay Saini — Wed, 01 May 2013 03:17:59 GMT

The first inside user takes 88.88.88.1, second takes 88.88.88.2 and so on and when the last ip address 88.88.88.254 is taken, no more inside hosts will be able to go outside.

So, essentially, it will be one to one mapping and not PAT.

To effectively use PAT, we can do following:

global (outside) 10 88.88.88.1 - 88.88.88.253

global (outside) 10 88.88.88.254

First the pool will be exhausted and then all the inside users are patted on 88.88.88.254 and 65535 such xlates on this ip would be possible.

HTH