cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4986
Views
4
Helpful
3
Replies

ASA Xlate limits

mdieken01
Level 1
Level 1

I have an ASA 5520 in a school environment.  I currently only have 1 public IP NATing for about 3000 students.  I was wondering if there were any limits per public IP as far as translations go.

Thanks in advance!

Mark

3 Replies 3

Kimberly Adams
Level 3
Level 3

Mark,

I have not found anything about the XLATES, but the following gives you the basics about how many connections for all the ASA5500 series devices and what their basic capabilites are. 

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf

Thanks and do rate helpful posts.

Kimberly

Thanks and Cheers! Kimberly Please remember to rate helpful posts.

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

You can use the "show resource usage summary"  or "show resource usage resource Xlates" command on the ASA to see information about ASAs own resource usage and limits.

As you are using single public IP address for users with PAT translation I think it limits the connections

65535 as thats the maximum amount of ports you have at our disposal for PAT translations. Not sure if thats the exact amount.

- Jouni

the show resources commands are not showing this information. Maybe this has changed over the past 8 years. I see no way to tell how high a number we can set. We have pools of ip's NATing to Internet so we can go higher than 65k xlates and we do. This is on an ASA 5555. Some of the resources do show a percentage of possible limits to set but others, like xlates, do not. Even with a limit set in every class

 

asa5555-fw# sh resource allocation
Resource Total % of Avail
Conns [rate] 31000 0.00%
Inspects [rate] 13500 0.00%
Syslogs [rate] 38000 0.00%
Conns 392500 39.21%
Hosts 32000 0.00%
IPSec unlimited
Mac-addresses 22000 33.56%
ASDM 25 12.50%
SSH Client 15(U) 15.00%
SSH Server 22 22.00%
Storage unlimited
Telnet 15 15.00%
Xlates 218000 0.00%
Routes 4200 0.00%
Other VPN Sessions 0
Other VPN Burst 0
AnyConnect 0
AnyConnect Burst 0
IKEv1 in-negotiatio 960 19.20%
U = Unlimited: Some contexts have no limit and are not included in the total

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: