Behavior of Cisco PAT/NAT?

2000-12-11 Thread Benjamin Walling

If I set up a NAT pool of only 1 address, the router/pix uses PAT.  Under
PAT, I can have 65K hosts (or connections from hosts) connecting to the
internet.

If I set up a NAT pool of more than 1 address, the router/pix uses NAT.
Under NAT, I can have 1 host per address in the NAT pool.

Does this sound right?  I have two available addresses to get my users out
with.  If I put them both in a pool, will I only get two out at a time, or
will it allow 65K connections per address in the pool?  The documentation
seems fuzzy on this.


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Behavior of Cisco PAT/NAT?

2000-12-11 Thread Charles Henson

There is an argument in the firewall that permits PATting of a NAT pool. The
argument goes at the end of the nat pool statement and is "overload" IE:

ip nat inside source list access-list-number interface interface overload

This allows the firewall to PAT addresses when it runs out of "unique"
addresses in the nat pool.

Charles Henson

"Benjamin Walling" [EMAIL PROTECTED] wrote in message
news:9131aa$fg1$[EMAIL PROTECTED]...
 If I set up a NAT pool of only 1 address, the router/pix uses PAT.  Under
 PAT, I can have 65K hosts (or connections from hosts) connecting to the
 internet.

 If I set up a NAT pool of more than 1 address, the router/pix uses NAT.
 Under NAT, I can have 1 host per address in the NAT pool.

 Does this sound right?  I have two available address to get my users out
 with.  If I put them both in a pool, will I only get two out at a time, or
 will it allow 65K connections per address in the pool?  The documentation
 seems fuzzy on this.





RE: Behavior of Cisco PAT/NAT?

2000-12-11 Thread Christopher Larson

Your users will get 1 host per address under NAT unless you
specify the overload command. I believe then that any additional users will
use the last address in the pool and PAT on that address.

-Original Message-
From: Benjamin Walling [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 11, 2000 10:52 AM
To: [EMAIL PROTECTED]
Subject: Behavior of Cisco PAT/NAT?


If I set up a NAT pool of only 1 address, the router/pix uses PAT.  Under
PAT, I can have 65K hosts (or connections from hosts) connecting to the
internet.

If I set up a NAT pool of more than 1 address, the router/pix uses NAT.
Under NAT, I can have 1 host per address in the NAT pool.

Does this sound right?  I have two available address to get my users out
with.  If I put them both in a pool, will I only get two out at a time, or
will it allow 65K connections per address in the pool?  The documentation
seems fuzzy on this.





RE: Behavior of Cisco PAT/NAT?

2000-12-11 Thread David Wolsefer

You will want to use the overload parameter. Here is the syntax, notice that
the overload parameter is optional:

ip nat inside source {list {access-list-number | name} pool name [overload]
| static local-ip global-ip}

Here is what overload does:

"You can conserve addresses in the inside global address pool by allowing
the router to use one global address for many local addresses. When this
overloading is configured, the router maintains enough information from
higher-level protocols (for example, TCP or UDP port numbers) to translate
the global address back to the correct local address. When multiple local
addresses map to one global address, the TCP or UDP port numbers of each
inside host distinguish between the local addresses."

Regards,

David Wolsefer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Benjamin Walling
Sent: Monday, December 11, 2000 7:52 AM
To: [EMAIL PROTECTED]
Subject: Behavior of Cisco PAT/NAT?


If I set up a NAT pool of only 1 address, the router/pix uses PAT.  Under
PAT, I can have 65K hosts (or connections from hosts) connecting to the
internet.

If I set up a NAT pool of more than 1 address, the router/pix uses NAT.
Under NAT, I can have 1 host per address in the NAT pool.

Does this sound right?  I have two available address to get my users out
with.  If I put them both in a pool, will I only get two out at a time, or
will it allow 65K connections per address in the pool?  The documentation
seems fuzzy on this.





Re: Behavior of Cisco PAT/NAT?

2000-12-11 Thread Brian

On Mon, 11 Dec 2000, Benjamin Walling wrote:

 If I set up a NAT pool of only 1 address, the router/pix uses PAT.  Under
 PAT, I can have 65K hosts (or connections from hosts) connecting to the
 internet.

 If I set up a NAT pool of more than 1 address, the router/pix uses NAT.
 Under NAT, I can have 1 host per address in the NAT pool.

 Does this sound right?  I have two available address to get my users out
 with.  If I put them both in a pool, will I only get two out at a time, or
 will it allow 65K connections per address in the pool?  The documentation
 seems fuzzy on this.

If you specify "overload" then it will do PAT on any
addresses/interfaces/pools specified (PAT).  If you don't specify
"overload" then it does a 1:1 mapping (NAT).

So if you have two addresses, then use them and specify "overload".

Also, I think the limits on PAT (realistically) are more like 8000
overloads per single address... but someone may correct me if I am
wrong.

Brian





---
Brian Feeny, CCNP+ATM, CCDP   [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)
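
Added example (not part of any poster's message, and not Cisco code): a simplified Python model of the translation table this thread discusses, showing a two-address pool running out after two inside hosts without overload, and multiplexing many flows by port with it. The global port range 1024-65535, the "fill one pool address, then the next" order, and the 192.0.2.x / 10.0.0.x addresses are assumptions made for the illustration; the model does not claim to reproduce IOS or PIX allocation order.

```python
class NatModel:
    """Toy translation table: 1:1 dynamic NAT, or PAT when overload=True."""

    def __init__(self, pool, overload, ports=range(1024, 65536)):
        self.pool, self.overload, self.ports = list(pool), overload, ports
        self.host_to_global = {}  # 1:1 mode: inside IP -> global IP
        self.flows = {}           # PAT: (proto, in_ip, in_port) -> (g_ip, g_port)
        self.reverse = {}         # PAT: (proto, g_ip, g_port) -> (in_ip, in_port)

    def outbound(self, proto, in_ip, in_port):
        """Return the (global_ip, global_port) a packet leaves with, or None."""
        if not self.overload:
            if in_ip not in self.host_to_global:
                used = set(self.host_to_global.values())
                free = [a for a in self.pool if a not in used]
                if not free:
                    return None   # pool exhausted: this host gets no translation
                self.host_to_global[in_ip] = free[0]
            return (self.host_to_global[in_ip], in_port)  # port is untouched
        key = (proto, in_ip, in_port)
        if key not in self.flows:
            for g_ip in self.pool:  # assumed order: fill one address, then the next
                g_port = next((p for p in self.ports
                               if (proto, g_ip, p) not in self.reverse), None)
                if g_port is not None:
                    self.flows[key] = (g_ip, g_port)
                    self.reverse[(proto, g_ip, g_port)] = (in_ip, in_port)
                    break
            else:
                return None       # every address/port pair is already in use
        return self.flows[key]

    def inbound(self, proto, g_ip, g_port):
        """Return the inside (ip, port) a returning packet maps to, or None."""
        if self.overload:         # PAT: only an exact port entry matches
            return self.reverse.get((proto, g_ip, g_port))
        for in_ip, mapped in self.host_to_global.items():
            if mapped == g_ip:    # 1:1: the address alone identifies the host
                return (in_ip, g_port)
        return None

POOL = ["192.0.2.1", "192.0.2.2"]                # constructed sample pool
HOSTS = ["10.0.0.%d" % i for i in range(1, 6)]   # constructed inside hosts

def hosts_translated(overload):
    """Inside hosts that get out when each opens one TCP flow from port 40000."""
    nat = NatModel(POOL, overload)
    return [h for h in HOSTS if nat.outbound("tcp", h, 40000) is not None]

if __name__ == "__main__":
    print("no overload:", hosts_translated(False))
    print("overload:   ", hosts_translated(True))
```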
