Cisco Support Community

New Member

PAT/NAT Overload Maximum addresses

Not sure if this is the correct forum or not, but I have a question about PAT/NAT overload and the maximum addresses I can use.

I have seen there is a theoretical Maximum of approx 65000 addresses but cannot seem to find a best practice of how many private IP addresses you really should overload behind a single public IP address.

Currently I have a single public IP with a /16 behind it.

I am using an ASA 5585.

I am thinking that, since I have several public IPs, I divide it by four:

in the ranges:

x.x.0.1 to 64.255 inside to public outside IP 1

x.x.65.0 to 128.255 inside to public outside IP 2

x.x.129.0 to 192.255 inside to public outside IP 3

x.x.193.0 to x.x.255.254 inside to public outside IP 4

Any knowledge is good knowledge on this subject.

Thanks!

8 REPLIES
Silver

Hi daffrandy, 

Hi 

 When configuring for PAT (overloading), what is the maximum number of translations that can be created per inside global IP address? 

Hope it helps

-Randy-

New Member

The ASA will be working very hard.

It's better to break up the class B then behind multiple public IPs.

That will be my next course of action.

We get 7 to 10 thousand devices on the class B at peak times.

If you have more than one public IP then I would use them. I have split traffic according to my network locations (all Internet connections come through our main site) so it gives me an idea how much Internet traffic each site generates.

New Member

I think that since I have the luxury, I am going to divide the class B by 16.

That will give me approx 4000 private addresses per public IP.

Thanks!

Dan

New Member

PAT (overloading) divides the

New Member

It attempts to assign the same port value of the original request, but if the original source port has already been used, it starts scanning from the beginning of the particular port range to find the first available port and assigns it to the conversation.
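Added example, not part of the thread and not Cisco's code: a simplified Python model of the port assignment described in the reply above, used to compare one public IP against four for 10,000 inside hosts. The 1024-65535 range, the 10 connections per host, the fixed source ports and the names `PatPool` and `simulate` are assumptions made for this example.

```python
# Simplified model of PAT port assignment on one public IP (added example).
# Assumptions: a single 1024-65535 range, one protocol, and no translation
# ever times out, so a port is never returned to the pool.
PORT_RANGE = range(1024, 65536)


class PatPool:
    def __init__(self, public_ip, ports=PORT_RANGE):
        self.public_ip = public_ip
        self.ports = ports
        self.in_use = {}          # mapped port -> (inside host, inside port)
        self._scan = ports.start  # every port below this is already taken

    def translate(self, inside_host, inside_port):
        """Return the mapped source port, or None when the pool is exhausted."""
        if inside_port in self.ports and inside_port not in self.in_use:
            port = inside_port    # original source port is free: keep it
        else:
            # Otherwise take the first free port from the start of the range.
            while self._scan in self.in_use:
                self._scan += 1
            if self._scan >= self.ports.stop:
                return None
            port = self._scan
        self.in_use[port] = (inside_host, inside_port)
        return port


def simulate(n_hosts, conns_per_host, n_public_ips):
    """Count translations that fail when hosts are split evenly across pools."""
    pools = [PatPool(f"public-ip-{i + 1}") for i in range(n_public_ips)]
    failed = 0
    for host in range(n_hosts):
        pool = pools[host * n_public_ips // n_hosts]  # contiguous host blocks
        for conn in range(conns_per_host):
            # Constructed traffic: every host uses source ports 40000, 40001, ...
            if pool.translate(host, 40000 + conn) is None:
                failed += 1
    return failed


if __name__ == "__main__":
    for ips in (1, 4):
        print(ips, "public IP(s):", simulate(10_000, 10, ips), "failed translations")
```

In this model a single pool runs out after 64,512 concurrent translations, while the same load split over four pools stays well inside each pool's range.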

New Member

PAT (overloading) divides the

New Member

I think that's what is a theoretical max. What I'm looking for is a best practice. If dividing a private class B up between 32 or 64 different ranges will make the network less congested going out, then why not use that if you have the luxury? If you have a class B behind one address, that would probably be a bottleneck and a source of congestion. What I am seeing on my network is webpages loading slowly or taking several refreshes to load. This only occurs with NATed clients. Clients on our public range are not experiencing the issue.
