NAT/PAT

Unanswered Question

Hi, i work in a Celular company from Chile, and i have a problem with a NAT/PAT, realy the problem is not with a NAT/PAT, the problem is when 10000 user consulting some webpage like www.google.cl; when this happens www.google.cl take this consulting how a attack, beacause 10000 user consulting the same webpage with the same IP address.

I have a 128 real IP, but the NAT/PAT complete the 65000 port the first IP en then follow with the second IP.


Thanks,}

Help me.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Edison Ortiz Wed, 05/13/2009 - 11:47
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Break down the NAT configuration into smaller subnets. Do not translate everything to a single IP address.


If you have 128 Public IP addresses, you can create 128 dynamic NAT assignments.


With that said, I recommend using a FireWall (ASA or PIX) for this type of task as the performance is better when doing many address translations. It can be done on a powerful router (7200 or above) but a FW performs better.


HTH,


__


Edison.

Actions

This Discussion