I found this paragraph in the FWSM configuration guide 3.2:
NAT Bypass No Longer Creates NAT Sessions
In previous releases, even if you used NAT exemption or identity NAT, the FWSM created NAT sessions (xlates) for all flows. In Release 3.2, you can configure the FWSM to create xlates only when NAT is configured. By default, the FWSM creates NAT sessions for all connections even if you do not use NAT. For example, a session is created for each untranslated connection even if you do not enable NAT control, you use NAT exemption or identity NAT, or you use same security interfaces and do not configure NAT. Because there is a maximum number of NAT sessions, these kinds of NAT sessions might cause you to run into the limit.
What I understand is that for any flow, an xlate is built.
Now, taking a look at the FWSM data sheet:
• 1 million concurrent connections
• 256,000 concurrent NAT or PAT translations
This doesn't make sense to me because one translation corresponds to a connection, unless a flow includes several connections.