Cisco Support Community

New Member

Maximum number of 1-1 Static nat entries on ASA 5515X or 5525X or greater?

I have a FWSM cluster that I exceeded the maximum number of static NAT entries on. I migrated the connectivity off to a pair of PIX 535s that seem to be handling the address translation needs. However, the number of NAT entries being required is increasing, and since the PIX series was EOL'd several years back, I need to replace them. The static 1-1 NAT entries cannot be summarized into networks, as the hosts that are being NAT'd are scattered all over various micro subnets in all 3 RFC 1918 IPv4 address ranges, and they are being managed directly by SNMP and SNMP traps and other services that prohibit the use of many-to-one NAT. Is there a known maximum number of static 1-1 NAT entries that can be defined on the ASA 5515-X, 5525-X and higher ASA firewalls? Say I wanted to be able to grow to 2500 or more static 1-1 NAT entries. I am currently running 2010 1-1 static host NATs.

-Andrew               

  • Firewalling
1 REPLY
Cisco Employee

Andrew,

There is nothing documented, mainly because the firewall does not have a fixed amount of memory to allocate to the translations or the various resources that it uses. Basically the answer here is that it depends on the amount of traffic, inspections, features and so on that you have enabled.

Most likely the impact that you will see will be in the memory. Make sure you monitor that.

Mike
