Cisco Support Community

New Member

ACE Routed / One-ARM Design

This question is on ACE 4710 design, specifically the NAT statement often used on the server vlan interfaces.  What is the maximum number of connections to a group of servers I can get with only using a single nat address?  Is it ~65000, i.e. the number of ephemeral ports available?  Do I need to use multiple addresses if I expect more than 65000 connections on a VIP?

interface vlan x
  description server vlan
  ip address xx.xx.xx.20 255.255.255.224
  access-group input ACL1
  access-group output ACL1
  nat-pool 1 xx.xx.xx.1 xx.xx.xx.1 netmask 255.255.255.224 pat
  service-policy input remote-mgmt
  service-policy input CLIENT-VIPS
  no shutdown

1 ACCEPTED SOLUTION

Cisco Employee

Re: ACE Routed / One-ARM Design

The ACE provides 64 K minus 1 K ports for each IP address for PAT. Ports 0 through 1024 are reserved and cannot be used for PAT. Therefore a nat-pool with a single IP address will support ~63K simultaneous translations. See:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/nat.html

You can check the current port translations being performed by the ACE-4710 using the "show xlate" command, which is documented here:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_x/command/reference/execmds.html#wp1703221

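A small sizing helper that applies the figure from the accepted answer (ports 0 through 1024 reserved, so 65536 - 1025 = 64511 usable source ports per PAT address). This is an added example, not code from the thread or from Cisco: it parses a `nat-pool <id> <first-ip> <last-ip> netmask <mask> [pat]` line in the form shown in the question, counts the addresses in the pool, reports whether the pool can hold an expected number of concurrent translations, and says how many addresses would be needed. The 192.0.2.x addresses and the 100,000-connection figure are constructed sample values; the 25% headroom factor is an assumption, not an ACE setting.

```python
"""Sizing a PAT nat-pool on a Cisco ACE (added example, not from the post).

Assumption, taken from the accepted answer: ports 0..1024 are reserved for
PAT, so each NAT address offers 65536 - 1025 = 64511 source ports (~63K).
The nat-pool line format parsed here is the one shown in the question:
    nat-pool <id> <first-ip> <last-ip> netmask <mask> [pat]
"""
import ipaddress
import math
import re

RESERVED_PORTS = 1025                            # ports 0..1024 inclusive
USABLE_PORTS_PER_IP = 65536 - RESERVED_PORTS     # 64511, the "~63K" figure

NAT_POOL_RE = re.compile(
    r"^\s*nat-pool\s+(?P<id>\d+)\s+(?P<first>\S+)\s+(?P<last>\S+)"
    r"\s+netmask\s+(?P<mask>\S+)(?P<pat>\s+pat)?\s*$"
)


def parse_nat_pool(line):
    """Return (pool_id, address_count, pat_enabled) for one nat-pool line."""
    m = NAT_POOL_RE.match(line)
    if not m:
        raise ValueError(f"not a nat-pool line: {line!r}")
    first = ipaddress.IPv4Address(m.group("first"))
    last = ipaddress.IPv4Address(m.group("last"))
    if last < first:
        raise ValueError("pool end address precedes start address")
    count = int(last) - int(first) + 1
    return int(m.group("id")), count, m.group("pat") is not None


def pool_capacity(address_count, pat_enabled):
    """Simultaneous translations the pool can hold.

    With PAT each address multiplexes ~63K source ports; without the pat
    keyword (dynamic NAT) each address carries a single translation.
    """
    per_ip = USABLE_PORTS_PER_IP if pat_enabled else 1
    return address_count * per_ip


def addresses_needed(expected_connections, headroom=1.25):
    """Smallest PAT pool (in addresses) for the expected concurrent
    connections, with a safety margin (assumed 25%) so the pool is not
    run right up to the port limit."""
    if expected_connections <= 0:
        return 1
    target = math.ceil(expected_connections * headroom)
    return math.ceil(target / USABLE_PORTS_PER_IP)


def size_report(line, expected_connections):
    """Combine parsing and capacity maths into one report dict."""
    pool_id, count, pat = parse_nat_pool(line)
    capacity = pool_capacity(count, pat)
    return {
        "pool_id": pool_id,
        "addresses": count,
        "pat": pat,
        "capacity": capacity,
        "expected": expected_connections,
        "sufficient": capacity >= expected_connections,
        "addresses_needed": addresses_needed(expected_connections),
    }


if __name__ == "__main__":
    # Constructed samples: a one-address pool like the question's (with a
    # documentation-range placeholder address) and a three-address pool,
    # each checked against an expected 100,000 concurrent connections.
    for cfg in ("nat-pool 1 192.0.2.1 192.0.2.1 netmask 255.255.255.224 pat",
                "nat-pool 2 192.0.2.1 192.0.2.3 netmask 255.255.255.224 pat"):
        print(size_report(cfg, 100_000))
```

Run it as a script to see both reports; the single-address pool from the question falls short of 100,000 translations and the helper recommends two addresses, while the three-address pool is sufficient. Compare the computed capacity against the live translation count from `show xlate` before widening the pool.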
2 REPLIES

New Member

Re: ACE Routed / One-ARM Design

thanks a lot
