Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1754
Views
0
Helpful
1
Replies

Maximum number of 1-1 Static nat entries on ASA 5515X or 5525X or greater?

arapley
Level 1
Level 1

‎08-08-2012 09:00 AM - edited ‎03-11-2019 04:39 PM

I have a FWSM cluster that I exceeded the maximum number of static nat entries on.  i migrated the connectivity off to a pair of PIX 535's that seem to be handling the adderess translation needs.  however the number of NAT entries being required is increasing and being the PIX series wal EOL'd several years back..I need to replace them..  The static 1-1 nat entries cannot be summarized into network as the hosts that are being nat'd are scattered all over various micro subnets in the all 3 rfc1918 ipv4 address ranges and they are being manged directly by snmp and SNMP-trap and other services that prohibit the use of many-to-one nat.   Is there a mknown maximum number of static 1-1 nat entries that can be defined on the ASA 5515-x, 5525=x and higher ASA firewalls?  Say I wanted to be able to grow to 2500 or more static 1-1 nat entries.  I am currently running 2010 1-1 static host nats currently.

-Andrew               

Labels:
0 Helpful
1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

‎08-12-2012 07:41 PM

Andrew,

There is nothing documented, mainly it is because the firewall does not have a fix amount of memory to allocate the translations or various resources that it use. Basically the answer here is, depends on the amount of traffic, inspections, features and so on that you have enable.

Mostlikely the impact that you will see will be in the memory. Make sure you monitor that.

Mike

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card