05-13-2015 01:14 PM - edited 03-05-2019 01:27 AM
I am running ASR1004s for NAT only. I want to use both dynamic NAT and PAT. Actually, what I want is a dynamic NAT pool of, say, 1000 or so addresses that will fall over to a PAT range if the address space in the dynamic NAT translations is exhausted. Has anyone done this? Is it even possible? I'm having trouble finding examples on how to do this.
I would also be ok with PAT if I can assign a pool of addresses and be assured that the translations will use more than just one address. Basically I don't want my entire network to be presented to the world as a single address. In my initial tests with PAT everyone gets assigned to the same IP even though I have an entire class "C" for my pool.
Thanks,
Marc Russo
05-13-2015 07:32 PM
Marc,
How many users/IPs will be on the inside part? Meaning, how big is the site?
You could define a Dynamic Pool and then fail over to Overload:
192.168.1.1 - 253 map to 12.145.1.1 - 253 then
192.168.x.x overload to 12.145.1.254
But if I were you I would overload to 12.145.1.1 and .2, and not use a dynamic pool unless you have a valid reason for it. You could use those addresses for your incoming traffic to your servers.
You can start with Dynamic NAT, then fail over to Overload when you have exhausted your pool. Check the link below.
05-14-2015 06:21 AM
Thanks for the reply Edwin.
To answer your question, we are a university and have approx. 45,000 users. Just on the wireless network alone we had over 100,000 devices registered last year (phones, laptops, iPads, etc.). We peak at around 30,000 simultaneous wireless connections and that does not include the wired side.
We are not really in favor of using just a few IPs as this can cause outages for many users if an IP gets blocked upstream somewhere. Since we serve a lot of students you can imagine what goes on that can lead to some of our IPs getting blocked. We have enough public space to spread it around some... we just don't have enough to do pure dynamic NAT so we must use PAT at times.
05-14-2015 06:39 AM
Marc,
You will need to create a pool of, let's say, 10 or more of your external addresses. Then overload on the pool instead of the interface, as is normally done. This will provide enough usage for the PAT, meaning as soon as the first IP is fully used it will use the next one in the pool.
Check the link below.
https://supportforums.cisco.com/document/6861/pat
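The pool-overload setup described in the last reply, written out as an added example that is not part of the original thread. The inside range 10.0.0.0/8, the documentation pool 203.0.113.1-10, the names NAT-INSIDE and PAT-POOL, and the interface numbers are all assumptions chosen for illustration.

```cisco
! Constructed example: addresses, names and interfaces are placeholders.
!
! Inside hosts that are eligible for translation.
ip access-list standard NAT-INSIDE
 permit 10.0.0.0 0.255.255.255
!
! Usual form, shown for comparison and left commented out: overload on the
! outside interface, so every inside host is presented as that one address.
! ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0/1 overload
!
! Pool form from the reply: define a pool of ten external addresses and
! overload on the pool instead of the interface. Per the reply, the next
! pool address is used once the first one is fully used.
ip nat pool PAT-POOL 203.0.113.1 203.0.113.10 prefix-length 28
ip nat inside source list NAT-INSIDE pool PAT-POOL overload
!
interface GigabitEthernet0/0/0
 description inside (campus side)
 ip nat inside
!
interface GigabitEthernet0/0/1
 description outside (upstream side)
 ip nat outside
!
! To see which global addresses are actually in use after applying this:
!   show ip nat translations
!   show ip nat statistics
```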