Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Recommended NAT pool size?


Is there a formula to figure out how many global addresses you should use for NAT. For example I have 250 users, how many addresses should I use for the NAT pool?



  • Other Security Subjects
Cisco Employee

Re: Recommended NAT pool size?

there is no formula.

Best is 250 global addresses.

What you can do is analyse your traffic patern and see how many users you have connected at the same time. If only 100 connections at the same time, use 100.

Also, don't forget you can do PAT. So 1 global can be used for multiple inside addresses.

New Member

Re: Recommended NAT pool size?

Absolutely, use PAT! PAT can handle much, much, much more than 250 users. What happens is, the pool is used in consecutive order. Which means, when PAT can no longer use the first address, it moves on to the second, and the third, and so on for the pool. If you only have 250 users, then they will always be using the first address, and you would be wasting the other addresses away, because they would never be used.

For example, I had 225 users on my network with a pool of 15 IP Addresses for NAT. If I were to have every one of those users hit a web page at the EXACT time, that web page would show the IP Address of that user being the first address. You would never roll over to the second.

When I learned of this, I removed my pool, and overloaded my interface with a single NAT entry. I still did not get any perfomance decrease.

Just something to chew on.

Aaron Paxson

Systems Admin

Teters Floral Products

New Member

Re: Recommended NAT pool size?

if i may offer my 2 cents:

NAT is multiple private IP addresses to AS MANY public IP addresses. That means if you have a pool of 14 IP addresses, and you have defined only NAT, the 15th user will not go through.

There is no question of a pool when you are doing PAT. PAT means single public IP to multiple private IP addresses.

Since PAT does not work well with certain multimedia programs, the following is suggested:

define NAT with a pool of 6 to 7 public IP addresses (for a company with around 200 users - completely ball-park!!) and also PAT with a single public IP address.

This widget could not be displayed.