Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
537
Views
10
Helpful
0
Replies

ASA 5508 PAT Pool Exhausted on UDP connections

aron1
Level 1
Level 1

‎02-28-2022 02:17 PM - edited ‎02-28-2022 02:24 PM

I am receiving PAT pool exhausted messages after about 10-20 days uptime.
 
(x.x.x.x is the public IP address of the device.)
show xlate:
UDP PAT from inside: 10.111.27.82/57362 to outside: x.x.x.x(external IP address)/57362 flags ri idle 68:36:09 timeout 0:00:30
There are a lot of messages like this, and the UDP pat is really high, above 60.000 (after about 10-20 days uptime )
 
show nat pool:
(After 2d 4h uptime )UDP PAT pool outside, address x.x.x.x(external IP)., range 1024-65535, allocated 12853 
(After 4d 3h uptime) UDP PAT pool outside, address x.x.x.x(external IP), range 1024-65535, allocated 21124
 
On the xlate command I have seen mane messages with a very high idle value. I think somehow some connections are never timeouts, seems they are stuck.
 
Do you have any idea why the UDP PAT is is high?
 
Device details:
ASA 5508-X
ASA Version: 9.14(3)11
 
Best regards,
Aron
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card