02-09-2016 05:55 PM - edited 03-05-2019 03:18 AM
Hi all,
What is the limitation of NAT in the 2921 or in IOS routers in general?
Thanks,
Son
02-09-2016 05:58 PM
Note that the Cisco 2900 series has been replaced by the 4000 series.
The 2921 can probably manage 250Mb/s if it is only doing NAT with an IMIX spread. With large packets it should flat line the interface.
With the 4000 series you'll get whatever performance licence you pay for.
02-09-2016 06:10 PM
Hi Phillip,
Thanks. This is not a bandwidth or utilization issue but an issue with the number of translations happening. Show ip nat statistics says about 65k translations, and other translations won't be accepted after this. Is there a document stating limitations on this?
Thanks,
Son
02-09-2016 06:11 PM
Are you doing dynamic NAT to one external NAT or a pool of IP addresses?
02-09-2016 06:52 PM
Hi Phillip,
Thanks for assisting and for the info. I tried changing the timeout from 24h to 15 mins. Let's see if this will help; if it does, then that's the only solution.
02-09-2016 07:05 PM
If you think it was helpful, it would be great if you could rate my answer. :-)
02-09-2016 06:21 PM
If you are doing dynamic NAT to one public IP address then you are limited by the number of TCP/UDP ports available, and that limit is around 65000. Nothing you can do about that, it is a fundamental restriction of TCP/IP.
In fact, if you are NATing anything to one IP address you will face the same restriction.
If you have a pool of IP addresses then the limit increases by the number of addresses in your pool.
You can also limit the number of translations with commands like:
ip nat translation max-entries all-host xxx
ip nat translation max-entries host a.b.c.d xxx
The first one is quite good for stopping run-away hosts eating up all the translation entries.
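
Added example, not part of the original replies: a Python sketch that tallies entries per inside host and per inside-global address from saved `show ip nat translations` output, to spot run-away hosts and to choose a value for `max-entries all-host`. The sample lines are constructed, and the names `parse`, `summarize`, `CEILING` and `per_host_limit` are assumptions of this example.

```python
from collections import Counter

# Constructed sample in the column layout of `show ip nat translations`.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.5:1024   10.0.0.5:51234     198.51.100.7:443   198.51.100.7:443
tcp 203.0.113.5:1025   10.0.0.5:51235     198.51.100.8:443   198.51.100.8:443
udp 203.0.113.5:1026   10.0.0.9:53001     198.51.100.53:53   198.51.100.53:53
tcp 203.0.113.5:1027   10.0.0.5:51236     198.51.100.9:80    198.51.100.9:80
--- 203.0.113.10       10.0.0.20          ---                ---
"""

CEILING = 65000  # approximate per-address limit quoted in the thread


def parse(text):
    """Yield (global_ip, inside_ip) for each port-translated entry."""
    for line in text.splitlines():
        f = line.split()
        # Skip the header, blank lines and static entries that carry no port.
        if len(f) != 5 or f[0] not in ("tcp", "udp", "icmp") or ":" not in f[1]:
            continue
        yield f[1].rsplit(":", 1)[0], f[2].rsplit(":", 1)[0]


def summarize(text, per_host_limit):
    """Return per-host counts, hosts over the limit, and per-address usage."""
    hosts, addresses = Counter(), Counter()
    for global_ip, inside_ip in parse(text):
        hosts[inside_ip] += 1
        addresses[global_ip] += 1
    over = sorted(h for h, n in hosts.items() if n > per_host_limit)
    usage = {ip: n / CEILING for ip, n in addresses.items()}
    return hosts, over, usage


if __name__ == "__main__":
    hosts, over, usage = summarize(SAMPLE, per_host_limit=2)
    for host, n in hosts.most_common():
        print(f"{host:<15} {n:>6} entries{'  OVER LIMIT' if host in over else ''}")
    for ip, frac in usage.items():
        print(f"{ip:<15} {frac:.4%} of ~{CEILING} translations used")
```

A single inside host holding a large share of the table is worth investigating before raising limits or adding pool addresses.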