Welcome to Cisco Firewalls Community


Participant

ASA 5580 PAT pool exhausted

Hi, in my ASA 5580 I have configured many NAT rules like this one:

nat (CMTS,OUTSIDE) source dynamic 10.51.0.0 170.X.X.31

but I'm having trouble with it because I'm seeing this in the log:

3    Dec 23 2007    23:53:48    202010    10.51.4.160    50043    68.67.178.173    443    PAT pool exhausted. Unable to create TCP connection from CMTS:10.51.4.160/50043 to OUTSIDE:68.67.178.173/443


%ASA-3-202010: [NAT | PAT] pool exhausted for pool-name, port range
[1-511 | 512-1023 | 1024-65535]. Unable to create protocol connection from
in-interface:src-ip/src-port to out-interface:dst-ip/dst-port
The ASA has no more address translation pools available.

That rule is for a CMTS that's providing internet access for about 3000 clients. I already changed the public IP address but the problem is still there. That's the only NAT rule giving me this problem. Can anybody help me please?

Thanks in advance.

BR.

Accepted Solutions
Enthusiast

Hi, it seems you're running out of ports for the single IP address used by PAT.

Do you have free public IP addresses you can use for PAT?

If you have free public IP addresses, configure a PAT pool and reconfigure the NAT rule: nat (CMTS,OUTSIDE) source dynamic 10.51.0.0 pat-pool NEW-NAT-POOL

Participant

I can use one or two more, but what's the limit of ports for a single IP address using PAT?

Thanks.

Enthusiast

Hi, it's 65535 source ports for a single IP address.

The ASA will use the client's source port number if it's available.

If the client's source port has already been used, the ASA will assign the first free source port from the relevant pool: 1-511, 512-1023, and 1024-65535.
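
One way to see which inside hosts and which source-port range are hitting the limit described above, shown as an added example that is not part of the original thread. It parses the 202010 message from both the ASDM log view and raw syslog; every sample line except the first is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Tail shared by the ASDM log view and the raw syslog form of message 202010.
EVENT = re.compile(
    r"pool exhausted.*?Unable to create (?P<proto>\S+) connection from "
    r"(?P<in_if>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<out_if>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)", re.IGNORECASE)

# First entry is the log line quoted in the question; the others are constructed.
SAMPLE = [
    "3    Dec 23 2007    23:53:48    202010    10.51.4.160    50043    "
    "68.67.178.173    443    PAT pool exhausted. Unable to create TCP "
    "connection from CMTS:10.51.4.160/50043 to OUTSIDE:68.67.178.173/443",
    "%ASA-3-202010: PAT pool exhausted. Unable to create TCP connection from "
    "CMTS:10.51.4.160/50044 to OUTSIDE:203.0.113.10/80",
    "%ASA-3-202010: PAT pool exhausted. Unable to create UDP connection from "
    "CMTS:10.51.9.7/600 to OUTSIDE:203.0.113.53/53",
    "%ASA-6-302013: Built outbound TCP connection (constructed, abbreviated)",
]

def port_range(port):
    """Map a source port to the PAT range the ASA allocates it from."""
    return "1-511" if port <= 511 else "512-1023" if port <= 1023 else "1024-65535"

def parse_202010(line):
    """Return a dict for a 202010 exhaustion event, or None for any other line."""
    m = EVENT.search(line) if "202010" in line else None
    if m is None:
        return None
    ev = m.groupdict()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def summarize(lines):
    """Count failed translations per inside source and per exhausted port range."""
    by_src, by_range = Counter(), Counter()
    for ev in filter(None, map(parse_202010, lines)):
        by_src[ev["src"]] += 1
        by_range[port_range(ev["sport"])] += 1
    return by_src, by_range

def ports_per_client(clients, pat_addresses):
    """Average concurrent translations per client in the 1024-65535 range."""
    return (65535 - 1024 + 1) * pat_addresses // clients

if __name__ == "__main__":
    by_src, by_range = summarize(SAMPLE)
    print("top inside sources:", by_src.most_common(5))
    print("exhausted ranges:", dict(by_range))
    print("avg ports/client, 1 vs 3 PAT IPs:",
          ports_per_client(3000, 1), ports_per_client(3000, 3))
```

The per-client figure is only an average: a single host holding many connections can use far more than its share, which is why the per-source count matters when sizing the pool.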

Participant

I thought so, and that's why I found it strange that the pool was exhausted....

Thanks!!!!

Enthusiast

You're welcome :)

Thanks for rating!