Max NAT session for Cisco c1000 ISR router

osw200051
Level 1

Hi expert,

Can anyone tell me where I can find the doc about the max sessions of the Cisco ISR C1000 router?

Because I need to count the NAT sessions before proposing the router.

Thanks for help!!

1 Accepted Solution


mesehar
Cisco Employee

Max. Number of NAT sessions on the ISR1000: 512000


5 Replies

balaji.bandi
Hall of Fame

It all depends on the RAM available in the device.

As per my understanding, each NAT entry requires about 160 bytes of memory; the number of translations possible is limited by the amount of memory available on the router.

Some NAT FAQ:


https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html

BB



Hi everyone,

Unfortunately it doesn't exceed 16385 NAT sessions. This is what I am experiencing right now on the Cisco C1111-4P platform.

At this limit I start to get errors on PING sourced from a NATted private IP.

This is an extract of the configuration:

! for internal need
ip dhcp excluded-address 172.16.0.1 172.16.0.11
!
! used because we have a lot of attendees
ip dhcp pool NET
 network 172.16.0.0 255.255.0.0
 dns-server 8.8.8.8 8.8.4.4
 default-router 172.16.0.1
!
!
interface GigabitEthernet0/0/0
 description WAN
 ip address x.x.x.x 255.255.255.252
 ip nbar protocol-discovery
 ip nat outside
 speed 1000
 no negotiation auto
!
interface GigabitEthernet0/0/1
 description LAN
 ip address 172.16.0.1 255.255.0.0
 ip nat inside
 negotiation auto
!
ip nat pool POOL X.X.X.X Y.Y.Y.Y netmask 255.255.255.252
ip nat inside source static tcp 172.16.0.10 8443 <IP of GigabitEthernet0/0/0 (WAN)> 8443 extendable
ip nat inside source list 1 pool POOL overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
! objective of the kron: clear NAT automatically
kron occurrence clear_nat in 15 recurring
 policy-list clear_nat
!
kron policy-list clear_nat
 cli clear ip nat trans *
!
ip access-list standard 1
 10 permit 172.16.0.0 0.0.255.255
!

 

 

Hello


@osw200051 wrote:

Unfortunately it doesn't exceed 16385 NAT sessions. This is what I am experiencing right now on the Cisco C1111-4P platform. At this limit I start to get errors on PING sourced from a NATted private IP.

Your router at present is ARPing for all external traffic due to the way you have your default static route pointing at the WAN interface; basically, you are stating that all WAN traffic is directly connected.

Also, you could try appending endpoint mapping, which will tell NAT to reuse the same source IP/port from the same host for different traffic flows:

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 x.x.x.x

ip nat service enable-sym-port
clear ip nat translations *



Kind Regards
Paul

Sorry for the confusion.

Even if I change the route to ip route 0.0.0.0 0.0.0.0 x.x.x.x (IP address of the next hop), I always get a max of 16385 NAT sessions in the table.

Regards
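An added example, not part of the thread and not Cisco tooling: a Python script that summarizes text captured from `show ip nat translations`, showing which inside hosts hold the most entries and how close the table is to the 16385 ceiling reported above, which is worth knowing before a recurring `clear ip nat trans *` wipes the evidence. The sample rows are constructed, and the 160-byte figure is the estimate quoted in the reply above, not a measured value.

```python
import re
from collections import Counter

# Constructed sample in the column layout of `show ip nat translations`.
SAMPLE = """\
Pro  Inside global      Inside local        Outside local      Outside global
tcp  203.0.113.2:8443   172.16.0.10:8443    ---                ---
tcp  203.0.113.2:1024   172.16.3.25:51000   198.51.100.7:443   198.51.100.7:443
tcp  203.0.113.2:1025   172.16.3.25:51001   198.51.100.7:443   198.51.100.7:443
udp  203.0.113.2:1026   172.16.3.25:53124   8.8.8.8:53         8.8.8.8:53
icmp 203.0.113.2:7      172.16.9.40:7       198.51.100.9:7     198.51.100.9:7
udp  203.0.113.2:1027   172.16.9.40:40000   8.8.4.4:53         8.8.4.4:53
"""

ROW = re.compile(r"^(tcp|udp|icmp|---)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
BYTES_PER_ENTRY = 160      # estimate quoted in the thread, not measured
REPORTED_CEILING = 16385   # table size one poster reported on a C1111-4P


def summarize(text, top_n=3, warn_ratio=0.9):
    """Count translations per inside-local host and flag a nearly full table."""
    per_host, per_proto, static = Counter(), Counter(), 0
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                      # header or blank line
        proto, _, inside_local, outside_local, _ = m.groups()
        if outside_local == "---":
            static += 1                   # static mapping, no active flow
            continue
        per_host[inside_local.rsplit(":", 1)[0]] += 1
        per_proto[proto] += 1
    total = static + sum(per_host.values())
    return {
        "total": total,
        "static": static,
        "per_proto": dict(per_proto),
        "top_hosts": per_host.most_common(top_n),
        "est_bytes": total * BYTES_PER_ENTRY,
        "near_ceiling": total >= warn_ratio * REPORTED_CEILING,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
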
