11-19-2001 09:49 PM - edited 02-20-2020 09:54 PM
I'm installing a firewall for a WISP and am trying to find a list of limitations of using PAT on the PIX525. The safe decision is NAT; however, many public IPs are needed. If I choose PAT, how am I limiting Internet access?
11-20-2001 09:27 AM
The PIX can handle up to 64000 PAT connections, but in the real world you don't want to PAT for more than about 4,000 - 5,000 connections. You can get very creative with this though. You can have multiple PAT pools and have each pool serve a single subnet on the inside. Or you can have a pool of NAT addresses to use and have the last address of the pool be a PAT.
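The two layouts described in the reply above, sketched in PIX 6.x `nat`/`global` syntax as an added example that is not part of the original post. The inside subnets, the 192.0.2.x outside addresses and the NAT IDs are constructed placeholder values, and the lines beginning with `:` are annotations.

```text
: Layout 1 - one PAT address per inside subnet.
: A global with a single address is a PAT; the NAT ID (1, 2)
: ties each inside subnet to its own PAT address, so no single
: address carries the translations of every subscriber.
nat (inside) 1 10.1.1.0 255.255.255.0
nat (inside) 2 10.1.2.0 255.255.255.0
global (outside) 1 192.0.2.11 netmask 255.255.255.255
global (outside) 2 192.0.2.12 netmask 255.255.255.255

: Layout 2 - dynamic NAT pool with a PAT address as overflow.
: Hosts in 10.1.3.0/24 receive one-to-one translations from the
: range until it is exhausted; later hosts share 192.0.2.31 by port.
nat (inside) 3 10.1.3.0 255.255.255.0
global (outside) 3 192.0.2.20-192.0.2.30 netmask 255.255.255.0
global (outside) 3 192.0.2.31 netmask 255.255.255.255

: Checks after applying: list active translations and the
: current/peak connection counts to see how loaded each PAT is.
show xlate
show conn count
```

Comparing `show conn count` against the per-address connection figure quoted in the reply shows when another PAT address or a smaller inside subnet per pool is needed.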
11-26-2001 03:01 PM
Ontrack,
I am interested in learning more about the robustness of PAT. You say in real-world circumstances, no more than 4k-5k connections are desired in a PAT configuration. I presume this is per IP?
I am not an engineer, so please forgive my ignorance! I am an interested party in the use of PAT in a service environment.
My perception is that 4k-5k PAT connections for a single IP must see much more latency than a pool of IPs administered by dynamic NAT? Is this true, or is the inherent latency negligible?
Any insight you can lend is greatly appreciated.
11-27-2001 11:03 AM
The one thing I recall when we moved from NAT to PAT was a notice saying that certain multimedia applications, mainly in the streaming video category, had problems with PAT. In our environment, that wasn't too big a deal, and I have not heard any complaints to date. In an ISP environment, you may have more requirements in this area, though. If you search Cisco's website for PAT tips, I think you could find the exact tip somewhere in there.