Cisco Support Community
Community Member

PAT - Maximum number of translations

I don't know the maximum number of translation slots available when PAT is used.

1) PAT uses the high ports for translations; therefore the available translation slots per IP are calculated via 65536-1024 = 64512.

2) Almost unlimited, as a hash value is used to identify the translation instead of using the TCP port. The hash value is calculated using the source port and IP address as well as the destination port and IP address; this allows more than 65000 connections with one IP.

Community Member

Re: PAT - Maximum number of translations

Hey, where did you get the second point from? This is wrong. The first one is correct; however, let me give you some more details here:

The firewall, when translating ports for NAT overload, splits the available ports into three pools:

Low: 0-511

Mid: 512-1023

High: 1024-65535

If a packet inside your network comes into the firewall destined for the Internet, and its source port falls into one of those pools, the PIX will translate it to another port in that pool. When the firewall first starts translating addresses, it starts with the lowest port number in each pool. That means the first UDP packet sourced internally from a high port will get sent on the Internet with a new source port of 1024.

The next UDP high port translation will go out with a source port of 1025, so on and so


I hope you find the above information useful. Here's a good link for you where you can find some more details on this question:

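The three-pool allocation the reply describes, as an added example that is not from the original post or from Cisco: a simplified Python model in which each pool hands out its lowest free port in order, a source port is always translated within its own pool, and `translate()` returns `None` once a pool has no free slot, which is the port-exhaustion condition an operator monitors for on a single PAT address.

```python
# Simplified model of the three-pool PAT port allocation described above
# (low 0-511, mid 512-1023, high 1024-65535). Added example, not Cisco code:
# it assumes each pool hands out its lowest free port sequentially and that
# a source port is always mapped to a port in the same pool.

POOLS = {"low": (0, 511), "mid": (512, 1023), "high": (1024, 65535)}


def pool_of(port):
    """Return the name of the pool a source port belongs to."""
    for name, (lo, hi) in POOLS.items():
        if lo <= port <= hi:
            return name
    raise ValueError(f"invalid port {port}")


def pool_capacity(name):
    """Number of translation slots a pool offers per global IP."""
    lo, hi = POOLS[name]
    return hi - lo + 1  # high pool: 65536 - 1024 = 64512


class PatTable:
    """PAT translation table for one global (outside) IP address."""

    def __init__(self):
        # next port to hand out in each pool, starting at the pool's lowest port
        self.next_port = {name: lo for name, (lo, _) in POOLS.items()}
        self.xlates = {}  # (src_ip, src_port) -> translated source port

    def translate(self, src_ip, src_port):
        """Return the translated port for a flow, or None if its pool is exhausted."""
        key = (src_ip, src_port)
        if key in self.xlates:
            return self.xlates[key]  # existing translation is reused
        name = pool_of(src_port)
        _, hi = POOLS[name]
        port = self.next_port[name]
        if port > hi:
            return None  # pool exhausted: no free translation slot for this flow
        self.next_port[name] = port + 1
        self.xlates[key] = port
        return port
```

Exhausting the 512-slot low pool with 512 distinct flows shows why a single PAT address fails for low-port traffic long before the 64512 high-pool slots are used.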