Hi,
So what you are saying is that the single PAT IP address's ports are being exhausted and any following connections/hosts won't get a translation?
The reason why your new NAT configuration doesn't work is that you are using a NAT Pool. It just assigns a single NAT IP address to a single host. When it runs out of IP addresses you don't have any NAT IP addresses left. And this naturally happens fast with your setup. Even faster than using the single PAT IP address.
The solution would be to configure several "global" statements in the configuration.
Since you didn't provide the original configuration, I will make up a sample configuration of the Before and After situation.
Before
global (OUTSIDE) 12 interface
nat (INSIDE1) 12 192.168.1.0 255.255.255.0
nat (INSIDE1) 12 192.168.2.0 255.255.255.0
nat (INSIDE2) 12 192.168.3.0 255.255.255.0
nat (INSIDE2) 12 192.168.4.0 255.255.255.0
After
- If your goal is to simply add 1 or more PAT addresses to address the problem of running out of ports, then you just add an additional "global" statement/configuration
global (OUTSIDE) 12 interface
global (OUTSIDE) 12 10.1.1.48
nat (INSIDE1) 12 192.168.1.0 255.255.255.0
nat (INSIDE1) 12 192.168.2.0 255.255.255.0
nat (INSIDE2) 12 192.168.3.0 255.255.255.0
nat (INSIDE2) 12 192.168.4.0 255.255.255.0
Also typically in situations where you have a sufficient NAT Pool BUT it might run out of addresses occasionally, you could configure NAT Pool + PAT as an overload address for when the NAT Pool runs out.
Basic configuration format could be for example
global (OUTSIDE) 12 10.1.1.2-10.1.1.253
global (OUTSIDE) 12 10.1.1.254
nat (INSIDE1) 12 192.168.1.0 255.255.255.0
nat (INSIDE1) 12 192.168.2.0 255.255.255.0
nat (INSIDE2) 12 192.168.3.0 255.255.255.0
nat (INSIDE2) 12 192.168.4.0 255.255.255.0
Hope this helps
- Jouni
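
Added example, not part of the post above: a small Python check that reads "global"/"nat" lines in the form used in the sample configurations and reports, per NAT ID, how many one-to-one pool addresses and PAT addresses back how many inside hosts. The function name, the risk wording and the flagging rules are assumptions made for this illustration; only the plain statement forms shown in the post (plus an optional "netmask" on "global") are parsed.

```python
import ipaddress
import re

# Constructed sample: the "NAT Pool + PAT overload" layout from the post.
SAMPLE = """\
global (OUTSIDE) 12 10.1.1.2-10.1.1.253
global (OUTSIDE) 12 10.1.1.254
nat (INSIDE1) 12 192.168.1.0 255.255.255.0
nat (INSIDE1) 12 192.168.2.0 255.255.255.0
nat (INSIDE2) 12 192.168.3.0 255.255.255.0
nat (INSIDE2) 12 192.168.4.0 255.255.255.0
"""

GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)(?: netmask \S+)?$")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ([\d.]+) ([\d.]+)$")


def summarize(config):
    """Return {nat_id: {"pool": n, "pat": n, "hosts": n, "risk": text}}."""
    out = {}
    for line in config.splitlines():
        line = line.strip()
        g, n = GLOBAL_RE.match(line), NAT_RE.match(line)
        if not (g or n):
            continue  # other statement forms are ignored in this sketch
        nat_id = int((g or n).group(2))
        entry = out.setdefault(nat_id, {"pool": 0, "pat": 0, "hosts": 0})
        if g:
            target = g.group(3)
            if "-" in target:  # address range: one-to-one dynamic NAT pool
                lo, hi = (int(ipaddress.IPv4Address(a)) for a in target.split("-"))
                entry["pool"] += hi - lo + 1
            else:  # "interface" or a single address: PAT
                entry["pat"] += 1
        else:
            net = ipaddress.IPv4Network(f"{n.group(3)}/{n.group(4)}")
            entry["hosts"] += max(net.num_addresses - 2, 1)
    # Flagging rules are this example's own simplification, not ASA output.
    for entry in out.values():
        if entry["pat"] == 0 and entry["pool"] < entry["hosts"]:
            entry["risk"] = "pool-only: hosts beyond the pool size get no translation"
        elif entry["pat"] == 1 and entry["pool"] == 0:
            entry["risk"] = "single PAT address: port exhaustion possible under load"
        else:
            entry["risk"] = "none flagged"
    return out
```

Running `summarize(SAMPLE)` on the pool + PAT layout gives 252 pool addresses and 1 PAT address for 1016 inside hosts; a pool-only "global" line for the same four /24 networks is flagged because the pool is smaller than the host count.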