Showing results for 
Search instead for 
Did you mean: 

PAT Pool Exhaustion on FTD 2130 after migration from ASA

Eric R. Jones

We migrated from Cisco ASA 5585 version 9.8 to FTD 2130 version 6.2.

We recently upgraded to 6.7 on the FTD.

The ASA had manually configured class maps,  one addressing embryonic and half closed connection timeouts.

We upgraded the FTD/FMC on the 27th of Feb.

On the 28th of Feb we started getting PAT Pool Exhausted errors.

For the past 2 months we spent time looking for the answer.

Through troubleshooting efforts I found that our sister site didn't have that same class map configuration and they weren't experiencing the issue.

Through some more research I found that this class map, now known as a service policy, was not really needed.

The new OS has these policies baked in to the platform settings.

I removed it from the policy, ran clear xlate on the device and then watched it.

Prior to this change connections went from 0 to over 10,000 in less than a couple of hours.

Now with this change they haven't gone above 6500.

We have over 2000 users so I think we're good.


0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers