08-05-2010 12:36 PM
This question is on ACE 4710 design, specifically the NAT statement often used on the server VLAN interfaces. What is the maximum number of connections to a group of servers I can get using only a single NAT address? Is it ~65000, i.e. the number of ephemeral ports available? Do I need to use multiple addresses if I expect more than 65000 connections on a VIP?
interface vlan x
  description server vlan
  ip address xx.xx.xx.20 255.255.255.224
  access-group input ACL1
  access-group output ACL1
  nat-pool 1 xx.xx.xx.1 xx.xx.xx.1 netmask 255.255.255.224 pat
  service-policy input remote-mgmt
  service-policy input CLIENT-VIPS
  no shutdown
08-05-2010 01:02 PM
The ACE provides 64 K minus 1 K ports for each IP address for PAT. Ports 0 through 1024 are reserved and cannot be used for PAT. Therefore a nat-pool with a single IP address will support ~63K simultaneous translations. See:
You can check the current port translations being performed by the ACE-4710 using the "show xlate" command, which is documented here:
08-05-2010 08:20 PM
thanks a lot