PIX 515E - How many entries can a NAT table have?

Cristian Iconaru · ‎10-30-2012

Hi guys,

does anyone know how big the NAT tabel for a PIX515E is?

how many entries can it have?

Thanks.

Collin Clark · ‎10-30-2012

It's a memory limitation, not a license limitation. In a 515 it's a decent amount. How many do you have? What does show memory look like?

Cristian Iconaru · ‎10-30-2012

Hi Collin,

thanks for the reply.

#show memory

Free memory: 57864384 bytes (43%)

Used memory: 76353344 bytes (57%)

------------- ----------------

Total memory: 134217728 bytes (100%)

Cisco PIX Security Appliance Software Version 8.0(4)32

Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

how many can it have?

thanks.

Collin Clark · ‎10-30-2012

There is no hard number and going by free memory it's still a best guess. You're using just over half your memory so I would say 500 more or so. ESTIMATED GUESS though.

Cristian Iconaru · ‎10-31-2012

ok.

right now i have 89 static NATs and PAT on the outside interface.

sh xlate

89 in use, 89 most used

sh conn

658 in use, 2048 most used

could the conn fill the NAT table?

Thanks.

Collin Clark · ‎10-31-2012

The connection table is separate from the NAT table.

Cristian Iconaru · ‎10-31-2012

right.

but if a connection gets through, a xlate entry is recorded, isn't it?

thanks.

Collin Clark · ‎10-31-2012

Yes it does

Cristian Iconaru · ‎10-31-2012

so if I have 900 in use connections in sh conn, does it mean, I have 900 entries in xlate?

Thanks.

Collin Clark · ‎10-31-2012

Not necessarily. You can have multiple TCP streams in a single NAT translation. Those streams would be from the same client to the same server. For example, if a client connects to your webserver, it will create a TCP connection for the web page. It may also create another TCP connection for an image on the web page.

Cristian Iconaru · ‎10-31-2012

ok. thanks.