Cisco Support Community

New Member

ASA 5540 MAX NAT Translations

I am installing an ASA 5540 in front of a client router. The client requires no more than a 1:32 NAT translation ratio. I have over 3500 users, so this equals out to be 110 NAT translations in the configuration.

Can anyone tell me if there is a limit that I would be exceeding on the 5540, and/or if there would be a better way to set this up?

Much appreciated!!

  • Firewalling
Hall of Fame Super Silver

I would think you can just set up a dynamic NAT pool to an outside /25 (126 usable addresses) or a specific range (with 110 real IPs).

I haven't read any limits per se in the Cisco documentation but this is a relatively common implementation scenario.

Users' inside IP addresses will be assigned round robin to create the NAT XLATE entries.

New Member

Thanks for the reply Marvin.

If we use a NAT pool, I thought the ASA would do a 1-to-1 translation with the pool and then it PATs with the last IP in the pool range?

Hall of Fame Super Silver

That's correct.

Each new TCP connection initiated from the inside gets a 1-1 NAT for as long as the connection is active. Once it is closed, that XLATE entry clears and that IP is available once again for the pool to assign dynamically. If the pool is exhausted, the last pool address will be used as a PAT.