01-20-2016 09:49 AM - edited 03-10-2019 12:34 AM
Not sure if this is the correct forum or not, but I have a question about PAT/NAT overload and the maximum number of addresses I can use.
I have seen there is a theoretical maximum of approx 65000 addresses but cannot seem to find a best practice of how many private IP addresses you really should overload behind a single public IP address.
Currently I have a single public IP with a /16 behind it.
I am using an ASA 5585.
I am thinking that, since I have several public IPs, I divide it by four, in the ranges:
x.x.0.1 to 64.255 inside to public outside IP 1
x.x.65.0 to 128.255 inside to public outside IP 2
x.x.129.0 to 192.255 inside to public outside IP 3
x.x.193.0 to x.x.255.254 inside to public outside IP 4
Any knowledge is good knowledge on this subject.
Thanks!
01-20-2016 04:43 PM
Hi daffrandy,
According to the documentation:
When configuring for PAT (overloading), what is the maximum number of translations that can be created per inside global IP address?
PAT (overloading) divides the available ports per global IP address into three ranges: 0-511, 512-1023, and 1024-65535. PAT assigns a unique source port for each UDP or TCP session. It attempts to assign the same port value of the original request, but if the original source port has already been used, it starts scanning from the beginning of the particular port range to find the first available port and assigns it to the conversation.
It is up to you if you want to use more than one public IP on the ASA for the translations.
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html
Hope it helps
-Randy-
01-21-2016 07:36 PM
The ASA will be working very hard.
It's better to break up the class B, then put it behind multiple public IPs.
That will be my next course of action.
We get 7 to 10 thousand devices on the class B at peak times.
01-21-2016 05:15 PM
If you have more than one public IP then I would use them. I have split traffic according to my network locations( all Internet connections come through our main site) so it gives me an idea how much Internet traffic each site generates.
01-21-2016 07:28 PM
I think that since I have the luxury, I am going to divide the class B by 16.
That will give me approx 4000 private addresses per public IP.
Thanks!
Dan
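The two ideas in this thread, the PAT port-allocation rule quoted from the Cisco NAT FAQ (keep the original source port if free, otherwise scan the port's own range from its beginning) and the plan of splitting a /16 across several public IPs, can both be made concrete with a small simulation. The code below is an added example, not Cisco's code and not anything posted by the participants; it assumes a simplified worst-case model in which every TCP/UDP session needs a port unique per (protocol, global IP), and it splits the inside block into equal subnets rather than the hand-typed boundaries above (dividing by 16 gives /20s of 4096 addresses each, matching the "approx 4000" figure). The public addresses and the 10.1.0.0/16 block are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field

# Port ranges PAT uses per global IP, as quoted from the Cisco NAT FAQ.
PORT_RANGES = ((0, 511), (512, 1023), (1024, 65535))


def range_for(port: int) -> tuple[int, int]:
    """Return the (low, high) PAT port range that contains `port`."""
    for lo, hi in PORT_RANGES:
        if lo <= port <= hi:
            return lo, hi
    raise ValueError(f"invalid port {port}")


def range_capacity(port: int) -> int:
    """Number of ports (sessions per protocol) in the range containing `port`."""
    lo, hi = range_for(port)
    return hi - lo + 1


@dataclass
class PatGlobalAddress:
    """One inside-global (public) IP and its PAT port table.

    Assumption (simplified model): each TCP/UDP session consumes a port that is
    unique per (protocol, global IP). A real ASA can reuse a global port for
    different destinations, so this is a worst-case estimate of capacity.
    """
    ip: str
    in_use: set = field(default_factory=set)  # {(proto, port)}

    def allocate(self, proto: str, src_port: int) -> int:
        """Pick the global port for a new session, following the FAQ text:
        keep the original source port if it is free, otherwise scan that
        port's own range from its beginning for the first free port."""
        if (proto, src_port) not in self.in_use:
            self.in_use.add((proto, src_port))
            return src_port
        lo, hi = range_for(src_port)
        for candidate in range(lo, hi + 1):
            if (proto, candidate) not in self.in_use:
                self.in_use.add((proto, candidate))
                return candidate
        raise RuntimeError(f"{self.ip}: {proto} port range {lo}-{hi} exhausted")

    def release(self, proto: str, port: int) -> None:
        """Free a port when its session ends (translation timeout)."""
        self.in_use.discard((proto, port))

    def sessions(self, proto: str) -> int:
        """Active sessions for one protocol on this global IP."""
        return sum(1 for p, _ in self.in_use if p == proto)


def sessions_until_exhausted(pat: PatGlobalAddress, proto: str, src_port: int) -> int:
    """Keep opening sessions that all use `src_port` until PAT runs out of
    ports in that range; return how many fitted on the global IP."""
    try:
        while True:
            pat.allocate(proto, src_port)
    except RuntimeError:
        return pat.sessions(proto)


def split_private_block(block: str, public_ips: list[str]) -> list[tuple[str, str]]:
    """Split an inside block (e.g. a /16) into len(public_ips) equal subnets
    and pair each subnet with one public IP, as discussed in the thread.
    The number of public IPs must be a power of two for equal subnets."""
    n = len(public_ips)
    if n < 1 or n & (n - 1):
        raise ValueError("number of public IPs must be a power of two")
    net = ipaddress.ip_network(block)
    diff = n.bit_length() - 1  # 4 IPs -> /18s, 16 IPs -> /20s
    return [(str(sub), pub) for sub, pub in zip(net.subnets(prefixlen_diff=diff), public_ips)]


if __name__ == "__main__":
    pat = PatGlobalAddress("203.0.113.1")        # constructed documentation address
    print(pat.allocate("tcp", 40000))            # original port kept
    print(pat.allocate("tcp", 40000))            # collision: scan from 1024
    print(range_capacity(49152))                 # ephemeral range: 64512 per protocol
    print(sessions_until_exhausted(PatGlobalAddress("203.0.113.2"), "tcp", 80))
    for sub, pub in split_private_block("10.1.0.0/16", ["203.0.113.1", "203.0.113.2",
                                                        "203.0.113.3", "203.0.113.4"]):
        print(sub, "->", pub)
```

The exhaustion run uses the 0-511 range because the scan-from-the-beginning rule makes the simulation quadratic; the arithmetic in `range_capacity` gives the 64512-session ceiling for the ephemeral range that the "approx 65000" figure in the question refers to, and it is a per-public-IP, per-protocol limit on concurrent sessions, not on hosts, which is why the thread's plan of spreading the class B over several public IPs raises the ceiling.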
01-21-2016 09:47 PM
PAT (overloading) divides the available ports per global IP address into three ranges: 0-511, 512-1023, and 1024-65535. PAT assigns a unique source port for each UDP or TCP session. It attempts to assign the same port value of the original request,
01-22-2016 02:39 AM
It attempts to assign the same port value of the original request, but if the original source port has already been used, it starts scanning from the beginning of the particular port range to find the first available port and assigns it to the conversation.
01-21-2016 09:48 PM
PAT (overloading) divides the available ports per global IP address into three ranges: 0-511, 512-1023, and 1024-65535.
01-21-2016 09:57 PM
I think that's what is a theoretical max. What I'm looking for is a best practice. If dividing a private class B up between 32 or 64 different ranges will make the network less congested going out, then why not use that if you have the luxury? If you have a class B behind one address, that would probably be a bottleneck and a source of congestion. What I am seeing on my network is webpages loading slowly or taking several refreshes to load. This only occurs with NATed clients. Clients on our public range are not experiencing the issue.