Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

PAT vs. NAT on the PIX

I'm installing a firewall for a WISP and am trying to find a list of limitations of using PAT on the PIX525. The safe decision is NAT however, many public IP's are needed. If I choose PAT, how am I limiting Internet access?

Community Member

Re: PAT vs. NAT on the PIX

The PIX can handle up to 64000 PAT connections, but in the real world you don't wont to PAT for more than about 4,000 - 5,000 connections. You can get very creative with this though. You can have multiple PAT pools and have each pool serve a single subnet on the inside. Or you can have a pool of NAT address to use and have the last address of the pool be a PAT.

Community Member

Re: PAT vs. NAT on the PIX


I am interested in learning more about the robustness of PAT. You say in real-world circumstances, no more than 4k-5k connections are desired in a PAT configuration. I presume this is per IP?

I am not an engineer, so please forgive my ignorance! I am an interested party in the use of PAT in a service environment.

My perception is that 4k-5k PAT connections for a single IP must see much more latency than a pool of IPs administered by dynamic NAT? Is this true, or is the inherent latency negligible?

Any insight you can lend is greatly appreciated.

Community Member

Re: PAT vs. NAT on the PIX

The one thing I recall when we moved from NAT to PAT was a notice saying that certain multimedia applications, mainly in the streaming video category, had problems with PAT. In our environment, that wasn't too big a deal, and I have not heard any complaints to date. In an ISP environment, you may have more requirements in this area, though. If you search Cisco's website for PAT tips, I think you could find the exact tip somewhere in there.

CreatePlease to create content