hschaefers Fri, 08/21/2009 - 06:06

Correct.


If you're reaching the theoretical limit of translations, you should be investing in more IPs for further translations.


Ports 1024+ of the 65535 are available for each IP you use.


However please note:

Depending on your ASA/PIX, your unit may have lower limits on max translations based on its processor and memory capabilities.


jan.nielsen Fri, 08/21/2009 - 08:03

Also, just a heads up: if you're using an ASA5505, you have a host license, which can be 10, 50 or unlimited users going through the ASA at the same time.

Not really!! With a 1:many - you will be using Port Address Translation. You could have 1000 internal IP addresses and NAT them to 1 external IP address - and the ASA will have a PAT translation table with specific translation ports.


You could only have 1 internal IP and you could make 10,000 separate outbound connections to the internet and the same principle applies.


For every separate outbound connection, the ASA creates 1 x PAT table entry. So that would be 65535-1 = 65534 left.


HTH.
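
As an added illustration (not part of any reply above, and not Cisco's implementation), here is a simplified Python model of the PAT table the thread describes: one entry per outbound connection, with ports 1024-65535 available on each mapped IP. The class and function names and all addresses are constructed; idle timeouts, per-protocol pools and platform or license limits are not modeled.

```python
"""Simplified PAT table: one entry per outbound connection, ports 1024-65535 per mapped IP."""

PAT_PORT_LOW, PAT_PORT_HIGH = 1024, 65535          # range given in the thread
PORTS_PER_IP = PAT_PORT_HIGH - PAT_PORT_LOW + 1    # 64512 usable ports per mapped IP


class PatExhausted(Exception):
    """Raised when every port on every mapped IP is in use."""


class PatTable:
    def __init__(self, mapped_ips):
        self.mapped_ips = list(mapped_ips)
        # Free ports per mapped IP, stored descending so pop() hands out 1024 first.
        self.free = {ip: list(range(PAT_PORT_HIGH, PAT_PORT_LOW - 1, -1))
                     for ip in self.mapped_ips}
        self.xlate = {}  # (inside_ip, inside_port) -> (mapped_ip, mapped_port)

    def translate(self, inside_ip, inside_port):
        """Return the mapped (ip, port) for a connection, creating an entry if needed."""
        key = (inside_ip, inside_port)
        if key not in self.xlate:
            pool = next((ip for ip in self.mapped_ips if self.free[ip]), None)
            if pool is None:
                raise PatExhausted(f"{len(self.xlate)} entries, no free ports")
            self.xlate[key] = (pool, self.free[pool].pop())
        return self.xlate[key]

    def release(self, inside_ip, inside_port):
        """Connection closed: return its port to the pool of its mapped IP."""
        ip, port = self.xlate.pop((inside_ip, inside_port))
        self.free[ip].append(port)

    def utilisation(self):
        """Fraction of the total port pool currently consumed (0.0 to 1.0)."""
        return len(self.xlate) / (PORTS_PER_IP * len(self.mapped_ips))


def fill(table, hosts, conns_per_host, first_port=1024):
    """Open conns_per_host connections from each inside host; return entries created."""
    before = len(table.xlate)
    for host in hosts:
        for sport in range(first_port, first_port + conns_per_host):
            table.translate(host, sport)
    return len(table.xlate) - before


if __name__ == "__main__":
    t = PatTable(["203.0.113.1"])  # constructed documentation address
    hosts = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(1000)]
    print(fill(t, hosts, 64), "entries,", f"{t.utilisation():.1%} of pool used")
```

In this model the pool is consumed by connections, not by inside hosts: 1000 hosts with 64 connections each and a single host with 64,000 connections use the same number of entries, and a second mapped IP doubles the ceiling.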
