This does NOT match my previous experience.  My experience has been that 
IOS seems to use NAT (not overloaded) until all pool addresses are used, 
then starts overloading the last one.  I don't know what happens once 
this address gets maxed out.

The only reason we noticed this was due to the fact that we were running 
PortSentry on a number of Unix hosts and noticed that periodically random 
machines were being port scanned from outside our net (something that 
should not be able to occur if PAT is being used). We finally tracked it 
down to NAT (single outside IP to single inside IP) entries appearing in 
our NAT translation table on the router.

The only solution that we (or TAC) could come up with was to reduce the NAT 
pool to a single IP.

                Peter Walker
                        CISSP, CCN[NID]P, CSS1, CIPPTS, etc


--On 09 January 2003 20:15 +0000 Doug S wrote:

> The way PAT works when overloading multiple addresses is to overload the
> first address in the pool until ALL port numbers are used up.  I can't
> point you to any publicly available documentation on this, but cut and
> pasted from Network Academy curriculum:
>
> "However, on a Cisco IOS router, NAT will
>  overload the first address in the pool until
>  it's maxed out, and then move on to the
>  second address, and so on."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60800&t=60663
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
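As an added example (not code from the original post, and not Cisco's), the following script parses the text of "show ip nat translations" and flags the one-to-one entries Peter describes: rows with no protocol, no port and no outside addresses, where every port of the inside host is mapped to a pool address and is therefore reachable from any outside source. It assumes the standard five-column IOS layout (Pro, Inside global, Inside local, Outside local, Outside global); the sample output, the addresses and the pool boundaries are constructed for illustration and are not a capture from the poster's router.

```python
"""Flag one-to-one (non-overloaded) entries in 'show ip nat translations'.

Added example, not code from the original post. The column layout follows
the IOS 'show ip nat translations' table; the sample text, addresses and
pool boundaries below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed sample modelled on IOS output; not a capture from a real router.
SAMPLE_OUTPUT = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.0.2.10:1025    10.1.1.5:1025      203.0.113.7:80     203.0.113.7:80
udp 192.0.2.10:40001   10.1.1.9:40001     203.0.113.53:53    203.0.113.53:53
--- 192.0.2.11         10.1.1.6           ---                ---
--- 192.0.2.12         10.1.1.22          ---                ---
icmp 192.0.2.10:512    10.1.1.5:512       203.0.113.8:512    203.0.113.8:512
"""

# Hypothetical pool range, as given by 'ip nat pool <name> <start> <end> ...'.
POOL_START, POOL_END = "192.0.2.10", "192.0.2.12"


def split_addr(field):
    """'a.b.c.d:port' -> (addr, port); 'a.b.c.d' -> (addr, None); '---' -> (None, None)."""
    if field == "---":
        return None, None
    if ":" in field:
        addr, port = field.rsplit(":", 1)
        return addr, int(port)
    return field, None


def parse_translations(text):
    """Parse the five-column table into a list of dicts, skipping the header."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "Pro":
            continue
        pro, ig, il, ol, og = fields
        entries.append({
            "proto": pro,
            "inside_global": split_addr(ig),
            "inside_local": split_addr(il),
            "outside_local": split_addr(ol),
            "outside_global": split_addr(og),
        })
    return entries


def in_pool(addr, start, end):
    """True if addr lies within the inclusive IPv4 range start..end."""
    a = ipaddress.IPv4Address(addr)
    return ipaddress.IPv4Address(start) <= a <= ipaddress.IPv4Address(end)


def find_full_entries(entries, start, end):
    """Return (inside_local, inside_global) pairs for non-overloaded entries.

    A full entry has no protocol, no port and no outside addresses: the
    router maps every port of the inside host to the pool address, so any
    outside source can reach the host (which is how external port scans
    end up hitting random internal machines).
    """
    exposed = []
    for e in entries:
        ig_addr, ig_port = e["inside_global"]
        il_addr, _ = e["inside_local"]
        if (e["proto"] == "---" and ig_port is None
                and e["outside_local"] == (None, None)
                and in_pool(ig_addr, start, end)):
            exposed.append((il_addr, ig_addr))
    return exposed


def overload_summary(entries):
    """Map each pool address used for PAT to the set of inside hosts behind it."""
    shared = defaultdict(set)
    for e in entries:
        ig_addr, ig_port = e["inside_global"]
        il_addr, _ = e["inside_local"]
        if ig_port is not None:
            shared[ig_addr].add(il_addr)
    return dict(shared)


if __name__ == "__main__":
    parsed = parse_translations(SAMPLE_OUTPUT)
    for host, pool_addr in find_full_entries(parsed, POOL_START, POOL_END):
        print(f"EXPOSED: {host} is 1:1 behind {pool_addr} (all ports reachable)")
    for pool_addr, hosts in overload_summary(parsed).items():
        print(f"PAT: {pool_addr} shared by {len(hosts)} inside host(s)")
```

To use it against a real router, paste the output of "show ip nat translations" into SAMPLE_OUTPUT (or read it from a file) and set POOL_START and POOL_END to the range from your "ip nat pool" line; any row the script reports as EXPOSED is an inside host that is currently addressable from outside on every port, regardless of whether the pool was meant to be overloaded.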