> I'm wondering what NAT gives me over PAT. On my PIX I believe it
>can do 65,000 translations on PAT. If I have <100 users behind it
>what is the advantage of using NAT?
>
>Duncan

First, you are slightly high on the architectural limit of the number
of port translations that are possible on one IP address. The basic
limit is the 16-bit port number field, with a maximum of 65535. 2K
of that space, however, is reserved for well-known and registered
ports.

Second, for any NAT-family mechanism, you may have higher-layer
protocol confusions with reverse DNS, etc., if multiple application
services are associated with the same address. I'm no HTTP expert,
but I understand that HTTP 1.0 has definite problems here. Might be
less of an issue if you only have outgoing clients.

Third, especially if you have UDP-based applications, some ports may
not be available periodically because the protocol driver holds them
inactive until a timer expires. For UDP, this imposes
pseudo-sessions to avoid multiple processes using the same
address/port. If you dig into TCP, however, you will find the
TCP-WAIT timer also affects availability of ports.
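
An added illustration of the third point in the reply above (not part of the original message): a toy PAT table for one outside address, in Python, where a port stays unavailable until its hold timer expires. The class name, timer values and the pool bounds passed in are assumptions made up for the example, not PIX behaviour or defaults.

```python
import heapq

class PatTable:
    """Toy PAT (port-overload) table for a single outside address.

    Timer values are illustrative assumptions, not PIX defaults.
    """

    def __init__(self, port_lo, port_hi, udp_idle=120.0, tcp_wait=60.0):
        self.free = list(range(port_lo, port_hi + 1))  # sorted list is a valid min-heap
        self.active = {}    # (proto, inside_ip, inside_port) -> outside port
        self.release = {}   # outside port -> time at which it may be reused
        self.udp_idle, self.tcp_wait = udp_idle, tcp_wait

    def _expire(self, now):
        # Return every port whose hold timer has run out to the free pool.
        for port in [p for p, t in self.release.items() if t <= now]:
            del self.release[port]
            self.active = {k: v for k, v in self.active.items() if v != port}
            heapq.heappush(self.free, port)

    def translate(self, proto, inside_ip, inside_port, now):
        """Return the outside port for a flow, or None if the pool is exhausted."""
        self._expire(now)
        key = (proto, inside_ip, inside_port)
        port = self.active.get(key)
        if port is None:
            if not self.free:
                return None
            port = heapq.heappop(self.free)
            self.active[key] = port
        if proto == "udp":
            # UDP has no close: each packet restarts the idle timer (pseudo-session).
            self.release[port] = now + self.udp_idle
        return port

    def close_tcp(self, inside_ip, inside_port, now):
        # A closed TCP flow keeps its port reserved until the wait timer ends.
        port = self.active.pop(("tcp", inside_ip, inside_port), None)
        if port is not None:
            self.release[port] = now + self.tcp_wait

    def usable(self, now):
        """Number of outside ports that could be handed out at time `now`."""
        self._expire(now)
        return len(self.free)
```

With a small pool, the table reports exhaustion while closed or idle flows are still inside their timers, even though no traffic is using those ports.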