andrew.prince@m... Fri, 08/21/2009 - 00:21

65535 is the limit for translation slots; this of course refers to PAT and not static NAT.


The limit is set by the number of TCP/UDP port numbers available in the TCP/IP stack.


HTH>

hschaefers Fri, 08/21/2009 - 06:06

Correct.


If you're reaching the theoretical limit of translations, you should be investing in more IPs for further translations.


Ports 1024+ are available of the 65535 for each IP you use.


However please note:

Depending on your ASA/PIX your unit may have lower limits on max translations based on its processor and memory capabilities.


jan.nielsen Fri, 08/21/2009 - 08:03

Also, just a heads up if you're using ASA5505, you have a host license, which can be 10, 50 or unlimited users going through the ASA at the same time.

rameshwar@hp.com Fri, 10/23/2009 - 09:43

Can you please tell me the maximum number of IP addresses that can be NATted with a single public IP address?

rameshwar@hp.com Mon, 10/26/2009 - 04:30

Thanks Andrew,

Did you mean to say I can NAT 65535 IP addresses to one IP address?

andrew.prince@m... Mon, 10/26/2009 - 04:55

Not really!! With a 1:many - you will be using Port Address Translation. You could have 1000 internal IP addresses and NAT them to 1 external IP address - and the ASA will have a PAT translation table with specific translation ports.


You could only have 1 internal IP and you could make 10,000 separate outbound connections to the internet and the same principle applies.


For every separate outbound connection, the ASA creates 1 x PAT table entry. So that would be 65535-1 = 65534 left.


HTH>
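
Added example, not part of the original thread or any poster's code: a simplified Python model of a PAT table for one protocol on one public IP, showing that slots are consumed per outbound connection rather than per inside host, and what happens when the pool runs out. The class and function names, the default 1024-65535 range and the addresses are assumptions made for illustration; a real ASA/PIX allocates ports with its own logic.

```python
# Simplified model of a PAT (port address translation) table for ONE protocol
# on ONE public IP. Constructed for illustration; not how any ASA/PIX release
# actually picks ports. Addresses are documentation/private ranges.

class PatPoolExhausted(Exception):
    """No free mapped port is left on the public IP."""

class PatTable:
    def __init__(self, public_ip, low=1024, high=65535):
        self.public_ip = public_ip
        self.free = list(range(high, low - 1, -1))  # pop() hands out `low` first
        self.xlate = {}  # (inside_ip, inside_port) -> mapped port

    def translate(self, inside_ip, inside_port):
        """Return (public_ip, mapped_port), creating one entry per new flow."""
        key = (inside_ip, inside_port)
        if key not in self.xlate:
            if not self.free:
                raise PatPoolExhausted(f"no ports left on {self.public_ip}")
            self.xlate[key] = self.free.pop()
        return self.public_ip, self.xlate[key]

    def release(self, inside_ip, inside_port):
        """Connection closed or timed out: return its port to the pool."""
        port = self.xlate.pop((inside_ip, inside_port), None)
        if port is not None:
            self.free.append(port)

    def slots_used(self):
        return len(self.xlate)

    def slots_free(self):
        return len(self.free)

def many_hosts_one_connection_each(hosts=1000):
    # 1000 inside hosts, one outbound connection each (constructed input)
    table = PatTable("203.0.113.10")
    for i in range(hosts):
        table.translate(f"10.0.{i // 250}.{i % 250 + 1}", 40000)
    return table.slots_used()

def one_host_many_connections(connections=10000):
    # a single inside host opening 10,000 connections (constructed input)
    table = PatTable("203.0.113.10")
    for i in range(connections):
        table.translate("10.0.0.5", 20000 + i)
    return table.slots_used()

if __name__ == "__main__":
    print(many_hosts_one_connection_each(), one_host_many_connections())
```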
