08-07-2017 11:37 AM - edited 03-12-2019 02:47 AM
Hi, in my ASA 5580 I have configured many NAT rules like this one:
nat (CMTS,OUTSIDE) source dynamic 10.51.0.0 170.X.X.31
but I'm having trouble with it cause I'm seeing this in the log:
3 Dec 23 2007 23:53:48 202010 10.51.4.160 50043 68.67.178.173 443 PAT pool exhausted. Unable to create TCP connection from CMTS:10.51.4.160/50043 to OUTSIDE:68.67.178.173/443
%ASA-3-202010: [NAT | PAT] pool exhausted for pool-name, port range
[1-511 | 512-1023 | 1024-65535]. Unable to create protocol connection from
in-interface:src-ip/src-port to out-interface:dst-ip/dst-port
The ASA has no more address translation pools available.
that rule is for a CMTS that's providing internet access for about 3000 clients. I already changed public IP address but the problems is still there. That's the only NAT rule giving me this problem. Can anybody help me please??
Thanks in advance.
BR.
Solved! Go to Solution.
08-07-2017 11:48 AM
Hi, it seems you're running out of ports for single IP address using by PAT.
Do you have free public IP addresses you can use for PAT?
If you have free public IP addresses configure PAT pool and reconfigure NAT rule: nat (CMTS,OUTSIDE) source dynamic 10.51.0.0 pat-pool NEW-NAT-POOL
08-07-2017 11:48 AM
Hi, it seems you're running out of ports for single IP address using by PAT.
Do you have free public IP addresses you can use for PAT?
If you have free public IP addresses configure PAT pool and reconfigure NAT rule: nat (CMTS,OUTSIDE) source dynamic 10.51.0.0 pat-pool NEW-NAT-POOL
08-07-2017 11:57 AM
I can use one or two more, but what's the limit of ports for a single IP address using PAT ??
Thanks.
08-07-2017 09:05 PM
Hi, it's 65535 source ports for single IP address.
ASA will use client's source port number if it's available.
If the client's source port has already been used ASA will assign first free source port from the relevant pool: 1-511, 512 to 1023, and 1024 to 65535.
08-08-2017 07:42 AM
I thought so, and that's why found rear that pool was exhausted....
Thanks!!!!
08-08-2017 09:52 AM
You're welcome :)
Thanks for rating!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide