Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11551
Views
0
Helpful
4
Replies

Maximum concurrent NAT sessions for PAT overload

zawminhtann
Level 1
Level 1

‎06-08-2015 11:34 PM - edited ‎03-08-2019 12:27 AM

What is the maximum concurrent NAT sessions for PAT overload of Cisco Router with Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.3(3)M4, RELEASE SOFTWARE (fc2) ?

Labels:
0 Helpful
4 Replies 4

Mark Malone
VIP Alumni
VIP Alumni

‎06-09-2015 12:16 AM

Hi it actually depends on memory in the device hardware not the running IOS

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html

How many concurrent NAT sessions are supported in Cisco IOS NAT?

 

A. The NAT session limit is bounded by the amount of available DRAM in the router. Each NAT translation consumes about 312 bytes in DRAM. As a result, 10,000 translations (more than would generally be handled on a single router) consume about 3 MB. Therefore, typical routing hardware has more than enough memory to support thousands of NAT translations.

0 Helpful

zawminhtann
Level 1
Level 1
In response to Mark Malone

‎06-09-2015 08:46 AM

Hi Mark ,

Router Model is 3945e and using C3900e Software (C3900e-UNIVERSALK9-M), Version 15.3(3)M4 version. The issues is when  Total active translations is 66*** value , facing internet slowness and no access. No latency or No packet drop . no counter value on both inside and outside interface. current user is around 300++. bro . I think the issue will be NAT overload config because  PAT have 65535 port for one IP address. We have completely same setup in 32 places but this one is very high user count and high congestion .Currently temporary solution was adjust the NAT time out default value (24 hours) to some short time value and watch out the outcome .Thanks

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to zawminhtann

‎06-09-2015 09:26 AM

Hi am i reading that correctly you have 66000 active NAT/PAT connections,  UDP connections should time out by default after 5 minutes but the TCP will stay for 24hours by default

Honestly never seen it that high if thats the case i would try to reduce them as you said pat can only handle 65535 as thats the amount of ports available so if your over that i would suspect there would be issues with connectivity

0 Helpful

zawminhtann
Level 1
Level 1
In response to Mark Malone

‎06-12-2015 12:18 AM - edited ‎01-28-2019 09:09 PM

Hi Mark ,
Now attached the log file for Active NAT Translation take around 30 mins within 6 hours period for your information .I never did edit for this log expect the router name only . we did the timeout value for tcp is 3600 and udp is 300 as work around solution and now still ok .
Thanks for your advice.

0 Helpful
Customers Also Viewed These Support Documents