Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
0
Helpful
3
Replies

Max # of Static NAT's in IOS (on 2811)?

mpervere
Level 1
Level 1

‎09-27-2005 01:19 PM - edited ‎03-03-2019 12:11 AM

OK a weird one, but bear with me. I've got a proposal to slam to 10.x.x.x networks together with a IOS NAT gateway, and the site at the other side wants me to build a config that literally has 4,000 static NAT's.

Can anyone give me any empirical reasons why a 2811 wouldn't be able to do this -- other than it just sounds totally insane to even suggest it.

Thanks!

Mike

Labels:
0 Helpful
3 Replies 3

ybajpai
Level 1
Level 1

‎09-27-2005 03:44 PM

There is no default limit of NAT entries on IOS. Each nat entry takes 160 bytes of DRAM memory so theorotically you can have as many NAT entries as your free DRAM memory would allow! So if you have a lot of memory spare ( you need aournd 640k spare for 4000 NAT entries), you CAN do that on your router....not sure if that is good news or bad news for you though :)

Remember that NAT is still done in software on those routers though.

Note: You can limit the max nat entries by "ip nat translation max-entries " command.

0 Helpful

mpervere
Level 1
Level 1
In response to ybajpai

‎09-27-2005 04:13 PM

Yeah, not really the answer I was looking for :^)

BUT, wouldn't there also be a NVRAM (config memory) concern? Aside from DRAM and CPU to execute the commands, it seems to me you also need about 50 bytes for each "ip nat inside source static" line in the config. If you do that math, that's 200KB of non-volatile config memory, and I don't think a 2811 has that much to spare. I found a 2851 "show ver" that listed 239KB, so I figure a 2811 could only be worse.

Of course maybe I DON'T want to know if my thinking is wrong there. I just LOVE trying to come up with reasons why something that's just intuitively stupid is actually somehow physically impossible...

0 Helpful

ybajpai
Level 1
Level 1
In response to mpervere

‎09-27-2005 04:34 PM

well, if nvram is an issue, you may be able to use "service compress-config " or use "masks" on the nat statements to reduce the size :)

See, the thing is that is we (at Cisco) are more used to 'solve' customer issues then suggest reasons as to why its not possible :)))

but i do agree its a far fetched thing to do...!

0 Helpful
Customers Also Viewed These Support Documents