
ASR1K and Large Scale NAT


Hi All,

I am using an ASR1004 for address translation for my subscribers. My problem is that the number of NAT translation sessions is already half (1 million) of the ASR1K ESP20 limit (2 million sessions). Below is the output of "show ip nat statistics":

Total active translations: 1066570 (31 static, 1066539 dynamic; 1066506 extended)

Outside interfaces:TenGigabitEthernet0/1/0

Inside interfaces:

TenGigabitEthernet0/0/0.200, TenGigabitEthernet0/0/0.300

Hits: 716003894051  Misses: 10196539490

CEF Translated packets: 0, CEF Punted packets: 0

Expired translations: 10430579015

Dynamic mappings:

-- Inside Source

[Id: 7] route-map NATuser pool New-Pool refcount 1066163

pool New-Pool: netmask

start end

type generic, total addresses 8190, allocated 2516 (30%), misses 0

nat-limit statistics:

max entry: max allowed 10000000, used 1066539, missed 0

Pool stats drop: 0  Mapping stats drop: 0

Port block alloc fail: 0

IP alias add fail: 0

Limit entry add fail: 0

My question is, how can I decrease the number of entries without causing harm to the subs? I have seen these commands:

ip nat translation [timeout|tcp-timeout|...] --> will this command delete idle NAT sessions or any particular NAT session?

ip nat translation max-entries ....    --> I understand that this will limit the sessions a host or group of hosts can make. But if the threshold is exceeded, what will happen to the host? Say, for example, the max entry for a host is 10; what if a host wants to make 11 sessions? What will happen with the last session?

I have also read about carrier grade NAT / large scale NAT, but have not found a detailed document. Could someone direct me? Or maybe someone can share their experience with NAT in a service provider.
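The counters in the output above can be tracked automatically so that table growth is noticed before the platform ceiling is reached. The following is an added example, not part of the original post and not Cisco code: it parses lines copied from the quoted output and reports capacity findings. The 2 million limit is the poster's ESP20 figure, and the 50% warning threshold and all function names are hypothetical.

```python
import re

# Lines copied from the "show ip nat statistics" output quoted in the post.
SAMPLE = """\
Total active translations: 1066570 (31 static, 1066539 dynamic; 1066506 extended)
type generic, total addresses 8190, allocated 2516 (30%), misses 0
max entry: max allowed 10000000, used 1066539, missed 0
Port block alloc fail: 0
Limit entry add fail: 0
"""

# Assumption: 2 million sessions, the ESP20 figure the poster gives.
PLATFORM_LIMIT = 2_000_000

PATTERNS = {
    "active": r"Total active translations:\s*(\d+)",
    "dynamic": r"(\d+) dynamic",
    "pool_allocated": r"allocated (\d+)",
    "max_allowed": r"max allowed (\d+)",
    "limit_missed": r"max allowed \d+, used \d+, missed (\d+)",
    "port_block_fail": r"Port block alloc fail:\s*(\d+)",
    "limit_add_fail": r"Limit entry add fail:\s*(\d+)",
}

def parse_nat_stats(text):
    """Return the counters found in the CLI text as a dict of ints."""
    stats = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match:
            stats[name] = int(match.group(1))
    return stats

def assess(stats, platform_limit=PLATFORM_LIMIT, warn_ratio=0.5):
    """Return a list of capacity findings (thresholds are hypothetical)."""
    findings = []
    ratio = stats["active"] / platform_limit
    if ratio >= warn_ratio:
        findings.append(f"table at {ratio:.0%} of platform limit")
    if stats.get("max_allowed", 0) > platform_limit:
        findings.append("max-entries cap is above the platform limit")
    for name in ("limit_missed", "port_block_fail", "limit_add_fail"):
        if stats.get(name, 0) > 0:
            findings.append(f"{name} is non-zero: allocations are failing")
    return findings

def sessions_per_address(stats):
    """Average dynamic translations per allocated pool address."""
    return stats["dynamic"] // stats["pool_allocated"]
```

On the quoted output this reports two findings: the table is past the warning threshold, and the configured max-entries value (10000000) is higher than the 2 million ceiling, so that cap would not take effect before the platform limit does.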






If you use CGN (licence required), less memory is required; at least this is what I think.

"In CGN, packets that traverse from inside the network to outside require only the source address port translation; destination address port translation is not required"

Do you have PPPoE subscribers or IPoE (DHCP) subscribers?

I see that there are restrictions with BB and CGN.

Restrictions for Carrier Grade Network Address Translation

  • Asymmetric routing with box-to-box (B2B) redundancy is not supported in Carrier Grade Network Address Translation (CGN) mode.

  • B2B redundancy is not supported on broadband with CGN; B2B is supported on standalone CGN.

  • Broadband is not supported with traditional NAT.

  • CGN does not support IP sessions.

  • NAT outside mappings are disabled automatically when CGN operating mode is configured using the ip nat settings mode cgn command.

  • CGN does not support integration with Cisco Performance Routing (PfR). Commands with the oer keyword are not supported. For example, the ip nat inside source route-map pool overload oer and the ip nat inside source list pool overload oer commands are not supported.

  • The match-in-vrf keyword for intra-VPN NAT is not supported with CGN.

p.s. I know that your post is 4 years old :D
