10-23-2018 09:47 AM
Hi expert,
Can anyone tell me where I can find the documentation about the max sessions of the Cisco ISR C1000 router?
I need to count the NAT sessions before proposing the router.
Thanks for help!!
10-23-2018 01:53 PM
It all depends on the RAM available in the device.
As per my understanding, each NAT entry requires about 160 bytes of memory; the number of translations possible is limited by the amount of memory available on the router.
Some NAT FAQ:
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html
10-25-2018 10:29 AM
Max. Number of NAT sessions on the ISR1000: 512000
05-20-2024 12:56 AM
Hi everyone,
Unfortunately it doesn't exceed 16385 NAT sessions. This is what I am experiencing right now on the Cisco C1111-4P platform.
At this limit I start to get errors on PING sourced from a private IP that is NATted.
This is an extract of the configuration:
ip dhcp excluded-address 172.16.0.1 172.16.0.11 // for internal need
!
ip dhcp pool NET // used because we have a lot of attendees
 network 172.16.0.0 255.255.0.0
 dns-server 8.8.8.8 8.8.4.4
 default-router 172.16.0.1
!
!
interface GigabitEthernet0/0/0
 description WAN
 ip address x.x.x.x 255.255.255.252
 ip nbar protocol-discovery
 ip nat outside
 speed 1000
 no negotiation auto
!
interface GigabitEthernet0/0/1
 description LAN
 ip address 172.16.0.1 255.255.0.0
 ip nat inside
 negotiation auto
!
ip nat pool POOL X.X.X.X Y.Y.Y.Y netmask 255.255.255.252
ip nat inside source static tcp 172.16.0.10 8443 IP of GigabitEthernet0/0/0(WAN) 8443 extendable
ip nat inside source list 1 pool POOL overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
!
kron occurrence clear_nat in 15 recurring // objective of the kron: clear NAT automatically
 policy-list clear_nat
!
kron policy-list clear_nat
 cli clear ip nat trans *
!
ip access-list standard 1
 10 permit 172.16.0.0 0.0.255.255
!
!
05-20-2024 01:32 AM
Hello
@osw200051 wrote:
Unfortunately it doesn't exceed 16385 NAT sessions. This is what I am experiencing right now on the Cisco C1111-4P platform. At this limit I start to get errors on PING sourced from a private IP that is NATted.
Your router at present is ARPing for all external traffic due to the way you have your default static route pointing at the WAN interface; basically you are stating that all WAN traffic is directly connected.
Also, you could try appending endpoint mapping, which will tell the NAT to reuse the same source IP/port from the same host for different traffic flows.
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 x.x.x.x
ip nat service enable-sym-port
clear ip nat translations *
05-20-2024 02:05 AM
Sorry for the confusion.
Even if I change the route to ip route 0.0.0.0 0.0.0.0 x.x.x.x (@IP of the next hop), I always get a max of 16385 NAT sessions in the table.
Regards