NAT Pool
Hi all: I have 150 computers for connect to internet, I have to configure a nat pool to this connection, How many addresses I have to configure into the pool, for more efficient translation? Thanks ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
nat pool
Paco, I have used "overload" instead. That way you do not have to have a one to one relationshiip with you addressing scheme. You can even do it on a dial-up link to an isp that gives you a dynamic address. I did it for a client a while back. If you are not familiar, check the archives for "801" and "nat." I posted the config a while back. If you can't find it there, email me off-line and I will find it for you. I have it somewhere... Also, if you have the "ios dial solutions" book from ciscopress, they have a config. You may have to make some minor changes for your environment and the isp you connect to. But, I thought that was an easier solution. Just remember to block netbios, or your link will stay up all the time. Bethel Williamson CCNP/CCDP From: Paco García [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 13, 2000 7:27 AM To: [EMAIL PROTECTED] Subject: NAT Pool Hi all: I have 150 computers for connect to internet, I have to configure a nat pool to this connection, How many addresses I have to configure into the pool, for more efficient translation? Thanks ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT Pool
How many unused registered addresses are available? How many simultaneous outgoing connections do you expect? NAT addresses are dynamically assigned one per outgoing connection. My advise is to save a group of addresses for static NATs and future growth, put most of the rest in a NAT pool and create an additional single address NAT pool for NAT overflow (PAT). Vern Stitt, AE, ASE, CCNA, MCSE ""Paco García"" <[EMAIL PROTECTED]> wrote in message 8i55cl$4ji$[EMAIL PROTECTED]">news:8i55cl$4ji$[EMAIL PROTECTED]... > Hi all: > > I have 150 computers for connect to internet, I have to configure a nat pool > to this connection, How many addresses I have to configure into the pool, > for more efficient translation? > > Thanks > > > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT Pool
Hola Paco >From cisco, 1 ip address can support aprox. 64000 tcp connections, but remember that each machine can open several tcp connections while browsing. A very bad example is IExplorer, which can open 6 or 7 simultaneus connections. Netscape is limited (i think) to 4. So you can do some math. So 1 Ip should be enough for 150 machines doing browsing. Take care which router you use (If you do heavy browsing a 800 maybe can not handle the load) As allways, try to reserve IP for static translation if you plan to publish services to the internet (mail, web, etc) And remember that there will be some protocols/programs which don´t work with NAT. Saludos! -- --- Javier Contreras Albesa Standard Trainer PRO IN Training S.L. PROfessional Information Networks World Trade Center, Moll de Barcelona S/N Edif Sur, Planta 4 Phone: (+34) 93-5088850 E-mail: [EMAIL PROTECTED] Fax: (+34) 93-5088860 Internet: http:// www.proin.com SHAPING THE FUTURE - BE PART OF IT! ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT Pool
If you only need Internet access for browsing use PAT, it's more efficient in conserving your global IP addresses. You only need one global IP address to use PAT and there should no noticeable latency in the translations for 150 PCs. Vijay Ramcharan, MCSE, CCNA -Original Message- From: Paco García [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 13, 2000 7:27 AM To: [EMAIL PROTECTED] Subject: NAT Pool Hi all: I have 150 computers for connect to internet, I have to configure a nat pool to this connection, How many addresses I have to configure into the pool, for more efficient translation? Thanks ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT POOL URGENT
Here I go again, when configuring NAT, I want to configure a NAT pool, I know the commands and I am running 11.3 but It does not recognize the "ip nat pool" command...it's just not there. Thanks, Mark ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT Pool
Hola Paco >From cisco, 1 ip address can support aprox. 64000 tcp connections, but remember that each machine can open several tcp connections while browsing. A very bad example is IExplorer, which can open 6 or 7 simultaneus connections. Netscape is limited (i think) to 4. So you can do some math. So 1 Ip should be enough for 150 machines doing browsing. Take care which router you use (If you do heavy browsing a 800 maybe can not handle the load) As allways, try to reserve IP for static translation if you plan to publish services to the internet (mail, web, etc) And remember that there will be some protocols/programs which don´t work with NAT. Saludos! "Paco García" escribió: > Hi all: > > I have 150 computers for connect to internet, I have to configure a nat pool > to this connection, How many addresses I have to configure into the pool, > for more efficient translation? > > Thanks > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- -- --- Javier Contreras Albesa Standard Trainer PRO IN Training S.L. PROfessional Information Networks World Trade Center, Moll de Barcelona S/N Edif Sur, Planta 4 Phone: (+34) 93-5088850 E-mail: [EMAIL PROTECTED] Fax: (+34) 93-5088860 Internet: http:// www.proin.com SHAPING THE FUTURE - BE PART OF IT! ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT POOL URGENT
You need to get the right IOS Feature Pack. -Original Message- From: Mark [mailto:[EMAIL PROTECTED]] Sent: Friday, June 16, 2000 11:38 AM To: [EMAIL PROTECTED] Subject: NAT POOL URGENT Here I go again, when configuring NAT, I want to configure a NAT pool, I know the commands and I am running 11.3 but It does not recognize the "ip nat pool" command...it's just not there. Thanks, Mark ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT POOL URGENT
Check your feature set, it must be a plus one. If you do a sh ver, it must inlude an "s", i.e. -is-, -js-,... Mark wrote: > Here I go again, when configuring NAT, I want to configure a NAT pool, I > know the commands and I am running 11.3 but It does not recognize the "ip > nat pool" command...it's just not there. > > Thanks, > Mark > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- E. Carolina Arias Serna Consorcio Red Uno Ingeniería Datos Sector Servicios [EMAIL PROTECTED] 56244400 E4828 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT POOL URGENT
FOr those folks who resopnded or emailed thanks...I got it. Just so you know it is an IOS issue, IP only wont do it. "Mark" <[EMAIL PROTECTED]> wrote in message 8idkrd$6a3$[EMAIL PROTECTED]">news:8idkrd$6a3$[EMAIL PROTECTED]... > Here I go again, when configuring NAT, I want to configure a NAT pool, I > know the commands and I am running 11.3 but It does not recognize the "ip > nat pool" command...it's just not there. > > Thanks, > Mark > > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
nat pool problem [7:38872]
I having problems staticaly translatinga server to the outside world , bu= t looking at my config is their somthing im misssing=0D =0D =0D ostname Router=0D !=0D logging buffered 8192 debugging=0D enable secret 5 $1$D7U1$YMuIAg0B3iJtwD0vt0ZWn0=0D !=0D username Router password 7 097C4F1A0A1218000F=0D !=0D !=0D !=0D !=0D !=0D dial-peer voice 1 pots=0D call-waiting=0D ring 0=0D port 1=0D destination-pattern 6688594=0D !=0D dial-peer voice 2 pots=0D call-waiting=0D ring 0=0D port 2=0D destination-pattern 6688549=0D !=0D pots country US=0D !=0D ip subnet-zero=0D no ip source-route=0D !=0D isdn switch-type basic-ni=0D !=0D !=0D !=0D interface Ethernet0=0D ip address 192.168.9.102 255.255.255.0=0D ip access-group 121 in=0D no ip proxy-arp=0D ip nat inside=0D !=0D interface BRI0=0D no ip address=0D encapsulation ppp=0D dialer pool-member 1=0D isdn switch-type basic-ni=0D isdn spid1 95666885940101 6688594=0D isdn spid2 95666885490101 6688549=0D isdn incoming-voice modem=0D ppp authentication chap pap callin=0D ppp multilink=0D !=0D interface Dialer1=0D description ISP=0D ip address 66.85.189.9 255.255.255.248=0D ip access-group 121 in=0D no ip proxy-arp=0D ip nat outside=0D encapsulation ppp=0D no ip split-horizon=0D dialer remote-name Cisco1=0D dialer pool 1=0D dialer idle-timeout 2147483=0D dialer string 9840559 class DialClass=0D dialer hold-queue 10=0D dialer load-threshold 1 either=0D dialer-group 1=0D pulse-time 0=0D ppp authentication chap pap callin=0D ppp chap hostname loopcold=0D ppp chap password 7 04560807032D4940=0D ppp pap sent-username loopcold password 7 09414D081509121C=0D ppp multilink=0D !=0D ip nat pool ISPNATPool 66.85.189.11 66.85.189.14 netmask 255.255.255.248=0D ip nat inside source list 18 pool ISPNATPool overload=0D ip nat inside source static 192.168.9.101 66.85.189.10=0D no ip http server=0D ip classless=0D ip route 0.0.0.0 0.0.0.0 Dialer1=0D !=0D !=0D map-class dialer DialClass=0D dialer isdn speed 56=0D access-list 18 permit 66.85.189.8 0.0.0.7=0D access-list 121 deny udp any eq netbios-dgm any=0D access-list 121 deny udp any eq netbios-ns any=0D access-list 121 deny udp any eq netbios-ss any=0D access-list 121 deny tcp any eq 137 any=0D access-list 121 deny tcp any eq 138 any=0D access-list 121 deny tcp any eq 139 any=0D access-list 121 permit ip any any time-range TIME=0D dialer-list 1 protocol ip permit=0D !=0D line con 0=0D exec-timeout 120 0=0D transport input none=0D stopbits 1=0D line vty 0 4=0D exec-timeout 0 0=0D password 7 082F435A0809041E1C=0D login [GroupStudy.com removed an attachment of type image/gif] [GroupStudy.com removed an attachment of type Image/jpeg] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38872&t=38872 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT pool timeout [7:21206]
Hi, I am running out of addresses in nat pool. I understand that after certain time period of inactivity addresses are timed out and return to the pool. I would like to know, what is the default timeout for inactive addresses in pool and how to reduce/manage timeout after a certain period of inactivity. I researched CCO but things are not clear!!. Any comments are appreciated. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21206&t=21206 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: nat pool problem [7:38872]
Have you got a route to the pool? Marc george wrote: > > I having problems staticaly translatinga server to the outside world , bu= > t > looking at my config is their somthing im misssing=0D > =0D > =0D > ostname Router=0D > !=0D > logging buffered 8192 debugging=0D > enable secret 5 $1$D7U1$YMuIAg0B3iJtwD0vt0ZWn0=0D > !=0D > username Router password 7 097C4F1A0A1218000F=0D > !=0D > !=0D > !=0D > !=0D > !=0D > dial-peer voice 1 pots=0D > call-waiting=0D > ring 0=0D > port 1=0D > destination-pattern 6688594=0D > !=0D > dial-peer voice 2 pots=0D > call-waiting=0D > ring 0=0D > port 2=0D > destination-pattern 6688549=0D > !=0D > pots country US=0D > !=0D > ip subnet-zero=0D > no ip source-route=0D > !=0D > isdn switch-type basic-ni=0D > !=0D > !=0D > !=0D > interface Ethernet0=0D > ip address 192.168.9.102 255.255.255.0=0D > ip access-group 121 in=0D > no ip proxy-arp=0D > ip nat inside=0D > !=0D > interface BRI0=0D > no ip address=0D > encapsulation ppp=0D > dialer pool-member 1=0D > isdn switch-type basic-ni=0D > isdn spid1 95666885940101 6688594=0D > isdn spid2 95666885490101 6688549=0D > isdn incoming-voice modem=0D > ppp authentication chap pap callin=0D > ppp multilink=0D > !=0D > interface Dialer1=0D > description ISP=0D > ip address 66.85.189.9 255.255.255.248=0D > ip access-group 121 in=0D > no ip proxy-arp=0D > ip nat outside=0D > encapsulation ppp=0D > no ip split-horizon=0D > dialer remote-name Cisco1=0D > dialer pool 1=0D > dialer idle-timeout 2147483=0D > dialer string 9840559 class DialClass=0D > dialer hold-queue 10=0D > dialer load-threshold 1 either=0D > dialer-group 1=0D > pulse-time 0=0D > ppp authentication chap pap callin=0D > ppp chap hostname loopcold=0D > ppp chap password 7 04560807032D4940=0D > ppp pap sent-username loopcold password 7 09414D081509121C=0D > ppp multilink=0D > !=0D > ip nat pool ISPNATPool 66.85.189.11 66.85.189.14 netmask 255.255.255.248=0D > ip nat inside source list 18 pool ISPNATPool overload=0D > ip nat inside source static 192.168.9.101 66.85.189.10=0D > no ip http server=0D > ip classless=0D > ip route 0.0.0.0 0.0.0.0 Dialer1=0D > !=0D > !=0D > map-class dialer DialClass=0D > dialer isdn speed 56=0D > access-list 18 permit 66.85.189.8 0.0.0.7=0D > access-list 121 deny udp any eq netbios-dgm any=0D > access-list 121 deny udp any eq netbios-ns any=0D > access-list 121 deny udp any eq netbios-ss any=0D > access-list 121 deny tcp any eq 137 any=0D > access-list 121 deny tcp any eq 138 any=0D > access-list 121 deny tcp any eq 139 any=0D > access-list 121 permit ip any any time-range TIME=0D > dialer-list 1 protocol ip permit=0D > !=0D > line con 0=0D > exec-timeout 120 0=0D > transport input none=0D > stopbits 1=0D > line vty 0 4=0D > exec-timeout 0 0=0D > password 7 082F435A0809041E1C=0D > login > > [GroupStudy.com removed an attachment of type image/gif] > > [GroupStudy.com removed an attachment of type Image/jpeg] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38913&t=38872 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT pool timeout [7:21206]
On a cisco router you can set the lease time by going into config t, and then into the dhcp pool name and issue the command lease 0-365 days, I think the default lease time is 1 day. -Original Message- From: Quadri, Habeeb [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 4:05 PM To: [EMAIL PROTECTED] Subject: NAT pool timeout [7:21206] Hi, I am running out of addresses in nat pool. I understand that after certain time period of inactivity addresses are timed out and return to the pool. I would like to know, what is the default timeout for inactive addresses in pool and how to reduce/manage timeout after a certain period of inactivity. I researched CCO but things are not clear!!. Any comments are appreciated. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21211&t=21206 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT pool timeout [7:21206]
It depends on if you are using NAT or PAT. The default timeout for dynamic NAT translations (not using overload) is 24 hours and can be adjusted: router(config)#ip nat translation timeout If you are using PAT (overload), then you have to deal with other timeout settings. If you execute: router(config)#ip nat translation ? You will see a list of timeouts you can adjust. TCP ports stay active for 24 hours unless a RST is received, UDP ports are 5 minutes and DNS times out in 60 seconds. Again, you can adjust all these timers. Regards, Bill ""Quadri, Habeeb"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > I am running out of addresses in nat pool. I understand that after certain > time period of inactivity addresses are timed out and return to the pool. I > would like to know, what is the default timeout for inactive addresses in > pool and how to reduce/manage timeout after a certain period of inactivity. > I researched CCO but things are not clear!!. Any comments are appreciated. > > Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21259&t=21206 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]