I'm installing a firewall for a WISP and am trying to find a list of limitations of using PAT on the PIX525. The safe decision is NAT however, many public IP's are needed. If I choose PAT, how am I limiting Internet access?
The PIX can handle up to 64000 PAT connections, but in the real world you don't wont to PAT for more than about 4,000 - 5,000 connections. You can get very creative with this though. You can have multiple PAT pools and have each pool serve a single subnet on the inside. Or you can have a pool of NAT address to use and have the last address of the pool be a PAT.
The one thing I recall when we moved from NAT to PAT was a notice saying that certain multimedia applications, mainly in the streaming video category, had problems with PAT. In our environment, that wasn't too big a deal, and I have not heard any complaints to date. In an ISP environment, you may have more requirements in this area, though. If you search Cisco's website for PAT tips, I think you could find the exact tip somewhere in there.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...