Re: PAT in PIX

ciscoforum · ‎08-24-2006

In PIX when use PAT, what is the maximum translation number? In other word, how many IP addresses can be translated to 1 public address concurrently? Thanks

a.kiprawih · ‎08-24-2006

Hi,

Theoritically, PAT lets up to 65,535 hosts start connections to the outside. This means that 1 Public IP = 65,535 internal hosts/IPs (from different subnet)

At the same time, PAT has up to 65,535 ports that are available for making connections. Each port number uniquely identifies each connection. This means you can also have fewer than 65,535 hosts/IPs to make use of all the 65,535 available ports.

In other words, your option is to have 65,535 hosts to use single Public IP to make outbound/internet connection, provided each of them use only 1 port/session. Or, you can have smaller subnets to make use the available 65,535 ports. As you know, one (1) internal host/client can always make multiple connection to outside/internet, therefore, the total no of 65,535 hosts/IPs might not be an ideal case, and it's huge as well.

Technically, if I am mistaken, it is recommended to limit the no of hosts/IPs to 4,000 for a single Public IP@PAT.

That's why it is good to have multiple PAT or use PAT as backup for your first range of public IP.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb71e.html#wp997559

Rgds,

AK

grant.maynard · ‎08-26-2006

up to 64,000 translations to one IP (it doesn't use the first 1024). We once had a PIX with many thousand PAT xlates which was fine, problem was the application did not like port numbers above 65,000.

rameshwarhiwale · ‎08-29-2006

If u hv ip public ip and want more thwn one ip to be translate then use of PAT.