
ASA 5540 MAX NAT Translations

Kacey Wilson
Level 1

I am installing an ASA 5540 in front of a client router. The client requires no more than a 1:32 NAT translation ratio. I have over 3500 users so this equals out to be 110 NAT translations in the configuration.

Can anyone tell me if there is a limit that I would be exceeding on the 5540 and/or if there would be a better way to set this up?

Much appreciated!!

3 Replies

Marvin Rhoads
Hall of Fame

I would think you can just set up a dynamic NAT pool to an outside /25 (126 usable addresses) or a specific range (with 110 real IPs).

I haven't read any limits per se in the Cisco documentation but this is a relatively common implementation scenario.

Users' inside IP addresses will be assigned round robin to create the NAT XLATE entries.

Thanks for the reply Marvin.

If we use a NAT pool I thought the ASA would do a 1 to 1 translation with the pool and then it PATs with the last IP in the pool range?

That's correct.

Each new TCP connection initiated from the inside gets a 1-1 NAT for as long as the connection is active. Once it is closed, that XLATE entry clears and that IP is available once again for the pool to assign dynamically. If the pool is exhausted, the last pool address will be used as a PAT.
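
An added example, not part of any post in this thread: the layout from the original question (110 translations at a 1:32 ratio for 3500 users), generated as ASA object NAT statements so the ratio can be checked before deployment. The inside range 10.0.0.0/20, the outside range 203.0.113.0/25, the object names, the interface names and the use of ASA 8.3+ object NAT syntax are all assumptions.

```python
import ipaddress
import math

RATIO = 32  # inside addresses allowed behind one outside address (the 1:32 limit)


def build_pat_blocks(inside_cidr, outside_cidr, users, ratio=RATIO):
    """Pair each block of `ratio` inside addresses with one outside address."""
    if ratio < 1 or ratio & (ratio - 1):
        raise ValueError("ratio must be a power of two so blocks align to subnets")
    inside = ipaddress.ip_network(inside_cidr)
    outside = ipaddress.ip_network(outside_cidr)
    needed = math.ceil(users / ratio)          # 3500 users / 32 -> 110 blocks
    block_prefix = inside.max_prefixlen - (ratio.bit_length() - 1)  # 32 -> /27
    if block_prefix < inside.prefixlen:
        raise ValueError("inside range is smaller than one block")
    blocks = list(inside.subnets(new_prefix=block_prefix))
    mapped = list(outside.hosts())             # skips network/broadcast addresses
    if needed > len(blocks):
        raise ValueError("inside range too small for the user count")
    if needed > len(mapped):
        raise ValueError("outside range too small for the required ratio")
    return list(zip(blocks[:needed], mapped[:needed]))


def render_asa(pairs):
    """Emit one object NAT (dynamic PAT) rule per inside block.

    Syntax assumed: ASA 8.3+ object NAT; names INSIDE_BLK_nnn are hypothetical.
    """
    lines = []
    for i, (block, mapped_ip) in enumerate(pairs, 1):
        lines += [
            f"object network INSIDE_BLK_{i:03d}",
            f" subnet {block.network_address} {block.netmask}",
            f" nat (inside,outside) dynamic {mapped_ip}",
        ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample ranges (RFC 1918 and RFC 5737 documentation space).
    pairs = build_pat_blocks("10.0.0.0/20", "203.0.113.0/25", users=3500)
    print(f"! {len(pairs)} PAT rules, at most {RATIO} inside addresses each")
    print(render_asa(pairs))
```

Because each rule covers exactly one /27, no outside address can ever carry more than 32 inside sources, which a shared dynamic pool does not guarantee by itself.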
