All,
I'm running an ASR1004 as a centralised CGNAT router. I've got various pools
defined for different customers, and use a NAT route-map to stop private IPs
being NAT'd when trying to reach our internal services (where we'd want to see
the private IPs still). Typical config per customer is:
ip

I'll make a note to add a publicly facing note for CSCtz33305, but the
short of it is that the way the ASR1k installs NAT pools into TCAM is not
very efficient when a deny statement exists in the ACL. I don't remember
the exact numbers but a single deny ACL entry can expand out 3x or more

Pete,
Many thanks for taking the time to respond.
On Fri Mar 22, 2013 at 06:26:14PM +0100, Pete Lumbis wrote:
My guess is the NAT configuration is actually exceeding TCAM on the ESP
that is installed. You can take a look at show platform hardware qfp
active tcam resource-manager to see the