NAT config

My company has a /24 global address. The NAT/PAT was set up to translate approx. 60 addresses per subnet using NAT, and then “failover” (is that the right terminology) to PAT. So we have something like what I have below:

Engineering (subnet 10.7.7.0) --- (Global Pool 7) NAT 189.23.24.60 - 189.23.24.150, PAT 189.23.24.151

Marketing (subnet 10.7.8.0) - (Global Pool 8) NAT 189.23.24.152 - 189.23.24.225, PAT 189.23.24.226

Can you tell me how common of a configuration the one-to-one mapping with a PAT “failover” or catchall is?

How about from the perspective of resource utilization on the ASA 5510. Is it more work for it to do PAT vs. NAT?

When the ASA looks at the global pool, does it always pull from the NAT before it uses the PAT address? That would seem logical, but I wasn't sure if you added the PAT into the pool first, before the range, if it would disregard the range altogether.

Accepted Solutions

Re: NAT config

Can you tell me how common of a configuration the one-to-one mapping with a PAT “failover” or catchall is?

It's not common, but most firms don't have a /24 so just a PAT is more common.

How about from the perspective of resource utilization on the ASA 5510. Is it more work for it to do PAT vs. NAT?

Pretty much the same.

When the ASA looks at the global pool, does it always pull from the NAT before it uses the PAT address?

Yes, it grabs a full NAT until they are all gone, then it uses the PAT address.

Hope it helps.
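
The setup discussed in this thread, written out as an added configuration example (not posted by either participant). It assumes the pre-8.3 ASA `nat`/`global` syntax, interfaces named `inside` and `outside`, and /24 masks on the internal subnets; none of these are stated in the thread.

```text
! Added example. Assumptions: pre-8.3 syntax, interface names
! inside/outside, 255.255.255.0 masks on the internal subnets.

! Engineering: NAT ID 7 ties the inside subnet to global pool 7
nat (inside) 7 10.7.7.0 255.255.255.0
! Range entry: dynamic NAT, one global address per inside host
global (outside) 7 189.23.24.60-189.23.24.150
! Single-address entry under the same ID: PAT, used per the answer
! above only after every address in the range has been handed out
global (outside) 7 189.23.24.151

! Marketing: same pattern with NAT ID 8
nat (inside) 8 10.7.8.0 255.255.255.0
global (outside) 8 189.23.24.152-189.23.24.225
global (outside) 8 189.23.24.226
```

`show xlate` lists the active translations, so you can see whether a given host currently holds a pool address or is sharing the PAT address.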

Community Member

Re: NAT config

You are awesome.
