cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1742
Views
0
Helpful
9
Replies

translation limit on pix/asa

suthomas1
Level 6
Level 6

Hi,

Is there any limits on amount of translation that pix/asa can handle concurrently. Any commands to see this & for correcting it.

Thanks.

9 Replies 9

andrew.prince
Level 10
Level 10

65535 is the limit for translation slots, this of course refers to PAT and not static NAT.

The limit is set by the amount of TCP/UDP ports numbers available in the TCP/IP stack.

HTH>

Correct.

If you're reaching the theoretical limit of translations, you should be investing in more IP's for further translations.

Ports 1024+ is available of the 65535 for each IP you use.

However please note:

Depending on your ASA/PIX your unit may have lower limits on max translations based on its processor and memory capabilities.

Also, just a heads up if youre using ASA5505, you have a host license, which can be 10, 50 or unlimited users going through the asa at the same time.

Can you please tell me how me how many muximum ip address can be natted with single public ip address.

1:1 NAT = 1

1:Many PAT = 65535

HTH>

Thnx Andrew,

Did you meen to say, i can nat 65535 IP addresses to one IP address?

Not really!! with a 1:many - you will be using Port Address Tranlsation. You could have 1000 internal IP addresses and NAT them to 1 external IP address - and the ASA will have a PAT translation table with specific translation ports.

You could only have 1 internal IP and you could make 10,000 seperate outbound connections to the internet and the same priciple applies.

For every seperate outbound connection, the ASA creates 1 x PAT table entry. So that would be 65535-1 = 65534 left.

HTH>

Thnx adrew,

If you have any document on this then please share with me.

Review Cisco Networking for a $25 gift card