05-07-2011 06:05 PM - edited 03-06-2019 04:56 PM
HELLO.
We are using dynamic NAT in a router to gain access to the internet.
When we use the command:
sh ip nat translation
we can see users using 3 or 4 NAT IP addresses from the pool.
Is it normal that some users use more than 1 NAT IP address, or is it probably a problem with a threat, trojan, or malware?
This is what appears in the screenshot:
tcp 10.90.5.238:1449 10.2.132.24:1449 10.1.240.52:139 10.1.240.52:139
tcp 10.90.5.195:2382 10.2.132.24:2382 10.1.240.52:139 10.1.240.52:139
tcp 10.90.5.195:2384 10.2.132.24:2384 190.236.2.103:5938 190.236.2.103:5938
tcp 10.90.5.238:2394 10.2.132.24:2394 74.125.229.49:80 74.125.229.49:80
tcp 10.90.5.238:2397 10.2.132.24:2397 74.125.229.49:80 74.125.229.49:80
tcp 10.90.5.238:2399 10.2.132.24:2399 74.125.229.37:80 74.125.229.37:80
tcp 10.90.5.195:4500 10.2.132.24:4500 10.1.240.52:139 10.1.240.52:139
The configuration is as follows:
ip nat pool POOL_132 10.90.5.129 10.90.5.254 netmask 255.255.255.128
ip nat inside source route-map POOL_132 pool POOL_132 reversible
!
route-map POOL_132 permit 10
match ip address LAN_132
!
ip access-list extended LAN_132
permit ip 10.2.132.0 0.0.0.255 host 10.1.240.50
permit ip 10.2.132.0 0.0.0.255 host 10.1.240.51
permit ip 10.2.132.0 0.0.0.255 host 10.1.240.52
permit ip 10.2.132.0 0.0.0.255 host 10.1.240.53
permit ip 10.2.132.0 0.0.0.255 host 10.1.240.54
permit ip 10.2.132.0 0.0.0.255 host 10.1.240.55
deny ip 10.2.132.0 0.0.0.255 10.1.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.16.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.23.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.17.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.61.1.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 10.61.2.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 10.246.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.203.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.213.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.207.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.234.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.100.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.110.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.111.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.144.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.120.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.130.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.150.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.152.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.160.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.184.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.163.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.183.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.242.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.3.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.4.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.49.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.5.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.52.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.60.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.60.3.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 10.7.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 10.72.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 172.17.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 172.18.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 172.24.111.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 172.26.101.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 172.30.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 192.168.0.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 192.168.104.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 192.168.13.0 0.0.0.255
deny ip 10.2.132.0 0.0.0.255 host 184.50.214.54
deny ip 10.2.132.0 0.0.0.255 host 190.12.83.141
deny ip 10.2.132.0 0.0.0.255 host 192.168.106.133
deny ip 10.2.132.0 0.0.0.255 host 192.168.92.20
deny ip 10.2.132.0 0.0.0.255 host 192.168.60.6
deny ip 10.2.132.0 0.0.0.255 host 192.168.60.8
deny ip 10.2.132.0 0.0.0.255 host 192.168.60.22
deny ip 10.2.132.0 0.0.0.255 host 192.168.20.23
deny ip 10.2.132.0 0.0.0.255 host 192.168.103.10
deny ip 10.2.132.0 0.0.0.255 host 192.168.105.12
deny ip 10.2.132.0 0.0.0.255 host 192.168.105.10
deny ip 10.2.132.0 0.0.0.255 host 192.168.106.21
deny ip 10.2.132.0 0.0.0.255 host 192.168.106.16
deny ip 10.2.132.0 0.0.0.255 10.243.0.0 0.0.255.255
deny ip 10.2.132.0 0.0.0.255 host 192.168.2.47
deny ip host 10.2.101.35 host 200.106.48.149
permit ip 10.2.132.0 0.0.0.255 any
If this behavior is normal, please advise me.
Thanking you in advance,
Best regards.
Roger Majo
05-09-2011 06:01 PM
Perhaps your user uses some websites with a lot of ads. Some pages are riddled with them. I'd consider that as a possibility as well. May just be normal browsing, just not the best choice of sites.
05-07-2011 08:25 PM
It's very normal. On average, a typical user will have 10-20 TCP sessions open at a time.
05-09-2011 11:09 AM
Roman,
That is right.
However, we are monitoring this POOL every day and sometimes there are users that have more than 80 open connections, and we think this is not normal.
What we do is put this host in quarantine using this command:
We are limiting the number of connections to only 40.
But the problem is still alive and not resolved.
Do you think the problem can be a threat, bot, malware or trojans in the PC?
Waiting for your answer.
Roger Majo
05-09-2011 05:55 PM
Are those connections going to port 80? If so, try this tool on one of the PCs.
Close all browser sessions and watch if PC opens any port 80 sessions and where they go. If you know what application does that, close that app, and see if you can find some process on the PC doing the bad thing.
They could be running some limewire or torrents.
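The thread's monitoring question (which inside hosts hold too many open sessions, and to which destination ports) can be answered straight from the `sh ip nat translation` output. The following is an added example, not code from the thread or from Cisco; it parses the seven translation lines quoted in the first post (with an assumed IOS header line added), tallies sessions per inside-local host and per outside port, and flags any host above the 40-session limit the poster mentions.

```python
"""Count NAT sessions per inside host from `show ip nat translations` output."""
from collections import Counter

# Sample input: the seven lines quoted in the original post, preceded by the
# column header that IOS prints (header added here, assumed format).
SAMPLE_OUTPUT = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 10.90.5.238:1449 10.2.132.24:1449 10.1.240.52:139 10.1.240.52:139
tcp 10.90.5.195:2382 10.2.132.24:2382 10.1.240.52:139 10.1.240.52:139
tcp 10.90.5.195:2384 10.2.132.24:2384 190.236.2.103:5938 190.236.2.103:5938
tcp 10.90.5.238:2394 10.2.132.24:2394 74.125.229.49:80 74.125.229.49:80
tcp 10.90.5.238:2397 10.2.132.24:2397 74.125.229.49:80 74.125.229.49:80
tcp 10.90.5.238:2399 10.2.132.24:2399 74.125.229.37:80 74.125.229.37:80
tcp 10.90.5.195:4500 10.2.132.24:4500 10.1.240.52:139 10.1.240.52:139
"""


def _split(addr):
    """'74.125.229.49:80' -> ('74.125.229.49', 80); port None if absent."""
    ip, _, port = addr.rpartition(":")
    return ip, int(port) if port.isdigit() else None


def parse_translations(text):
    """Yield (proto, inside_global, inside_local, outside_local, outside_global)
    per translation row; header, blank and malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] not in ("tcp", "udp", "icmp"):
            continue
        proto, ig, il, ol, og = parts
        yield proto, _split(ig), _split(il), _split(ol), _split(og)


def summarize(text):
    """Per inside-local host: open session count, sessions per outside port,
    and the set of pool addresses (inside global) the host is translated to."""
    summary = {}
    for _proto, ig, il, _ol, og in parse_translations(text):
        entry = summary.setdefault(
            il[0], {"sessions": 0, "ports": Counter(), "pool_ips": set()})
        entry["sessions"] += 1
        entry["ports"][og[1]] += 1
        entry["pool_ips"].add(ig[0])
    return summary


def flag_hosts(summary, limit=40):
    """Inside hosts whose open session count exceeds the per-host limit."""
    return sorted(host for host, e in summary.items() if e["sessions"] > limit)
```

On the sample, host 10.2.132.24 shows 7 sessions split across ports 139, 80 and 5938 and has been translated through two pool addresses (10.90.5.238 and 10.90.5.195), which is exactly the "one user on several pool IPs" pattern the first post asks about; the per-port breakdown is what Roman's port-80 question needs.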
05-10-2011 08:19 PM
Roman,
Those connections are indeed going to port 80, and others to 443, 25 and 139.
Those are the connection ports most often present in the IP NAT connections.
I think this tool is very useful for diagnosing HTTP problems when the workstations are local.
But what can we do if the problem is located at a remote site?
Do you have a tool which can help us do the same things on a remote PC from a central site?
Do you have a tool to do the same type of analysis but with ports 443, 25 and 139?
If we use this link:
http://www.speedguide.net/port.php?port=80
we can see that ports 80, 443, 25 and 139 can be exploited by TROJANS.
How can we diagnose that these ports are free of trojans?
We are using QUALYS to find vulnerabilities, but how can we diagnose TROJANS in a PC?
Thanking you in advance for your prompt answer.
Attentively.
Roger Majo