translation limit on pix/asa

Unanswered Question
Aug 20th, 2009

Hi,

Is there any limits on amount of translation that pix/asa can handle concurrently. Any commands to see this & for correcting it.

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
hschaefers Fri, 08/21/2009 - 06:06

Correct.

If you're reaching the theoretical limit of translations, you should be investing in more IP's for further translations.

Ports 1024+ is available of the 65535 for each IP you use.

However please note:

Depending on your ASA/PIX your unit may have lower limits on max translations based on its processor and memory capabilities.

jan.nielsen Fri, 08/21/2009 - 08:03

Also, just a heads up if youre using ASA5505, you have a host license, which can be 10, 50 or unlimited users going through the asa at the same time.

Not really!! with a 1:many - you will be using Port Address Tranlsation. You could have 1000 internal IP addresses and NAT them to 1 external IP address - and the ASA will have a PAT translation table with specific translation ports.

You could only have 1 internal IP and you could make 10,000 seperate outbound connections to the internet and the same priciple applies.

For every seperate outbound connection, the ASA creates 1 x PAT table entry. So that would be 65535-1 = 65534 left.

HTH>

Actions

This Discussion