PAT with Pool

Mohamed Shafeer Kunhu · ‎04-30-2013

Hi,

We are having an ASA running on 8.2

We are planning for natting three /16 subnets with one /24 public IP pool.

global (outside) 10 88.88.88.1 - 88.88.88.254

nat (inside) 10 172.16.0.0 255.255.0.0

nat (inside) 10 172.17.0.0 255.255.0.0

nat (inside) 10 172.18.0.0 255.255.0.0

so when the traffic comes from inside the first nat will happen with public IP 88.88.88.1

we need to know how and when the natting will happen with next public IP.

Can we control the threshold ?

Thanks,

Mohamed Shafeer

cadet alain · ‎04-30-2013

Hi,

depending on the code version it will not necessarily take the second IP in the pool.

when another host needs to be natted then it will take another IP and the translations timeout after 3 hours by default if I'm not mistaken but you can modify this with the timeout xlate command.

Regards

Alain

Don't forget to rate helpful posts.

Ajay Saini · ‎04-30-2013

The first inside user takes 88.88.88.1, second takes 88.88.88.2 and so on and when the last ip address 88.88.88.254 is taken, no more inside hosts will be able to go outside.

So, essentially, it will be one to one mapping and not PAT.

To effectively use PAT, we can do following:

global (outside) 10 88.88.88.1 - 88.88.88.253

global (outside) 10 88.88.88.254

First the pool will be exhausted and then all the inside users are patted on 88.88.88.254 and 65535 such xlates on this ip would be possible.

-

HTH

AJ