Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1208
Views
0
Helpful
3
Replies

PAT overloading

Go to solution
mac_mac_net83
Level 1
Level 1

‎01-21-2021 03:29 PM

Hi Folks, 

 

Based on Cisco documentation about NAT, the following ports are used during the overloading process.

 

 When configuring for PAT (overloading), what is the maximum number of translations that can be created per inside global IP address?

 

A. PAT (overloading) divides the available ports per global IP address into three ranges: 0-511, 512-1023, and 1024-65535. PAT assigns a unique source port for each UDP or TCP session. It attempts to assign the same port value of the original request, but if the original source port has already been used, it starts scanning from the beginning of the particular port range to find the first available port and assigns it to the conversation. There is an exception for 12.2S code base. 12.2S code base uses different port logic, and there is no port reservation.

 

Let's say there are 10 tcp/udp applications and there are also 10 ports assigned during the PAT process. 

When this applications stop and the NAT timeouts, do the number of available ports for translation reverts back  to the original number as before? 

I am thinking if this is not the case, then there will come a time when all available ports are used up, then NAT exhaustion happens....

 

Is there a way to ensure , this does not happen?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-21-2021 11:53 PM

Hello @mac_mac_net83 ,

when NAT entries are aged out and removed from NAT table the involved ports are made free for use, otherwise PAT would not be a valid solution to save on public address space.

 

Hope to help

Giuseppe

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-21-2021 11:53 PM

Hello @mac_mac_net83 ,

when NAT entries are aged out and removed from NAT table the involved ports are made free for use, otherwise PAT would not be a valid solution to save on public address space.

 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
mac_mac_net83
Level 1
Level 1
In response to Giuseppe Larosa

‎01-26-2021 03:31 PM

thank you @Giuseppe Larosa 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎01-22-2021 12:28 AM

Hello,

 

on a side note, I think ever since time, the NAT tcp translation timeout has been 86,400 seconds (24 hours). I wonder if that default value still makes sense in today's networking environment....after all, every entry uses up (a small amount of) memory, but still, why the 24 hours ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card