Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is there a PAT/NAT session limit on PIX501 ?

Status
Not open for further replies.
Myster

Myster

IS-IT--Management
Feb 16, 2005
18
DE
Hello everybody,

I've got a strange situation at the office.
Our outside FW is a PIX 501, and 2 times a day I have to "clear xlate" to allow users to access to the internet.

What happens is likely that we reach some kind of PAT limit on the PIX. Most users can still access the internet, a few ones, the lasts who tried to connected, cannot go through the PIX.

My experimentations showed that this limit seems to be set to 200.
Is there a statement I could add to increase this limit ? Is this a PIX501 limitation ?

Our PIX info :
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 0011.bb0f.cca4, irq 9
1: ethernet1: address is 0011.bb0f.cca5, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 50
Throughput: Unlimited
IKE peers: 10

This PIX has a Restricted (R) license.

We only have 35 user machines, and my last "sh xlate" gave me 22 machines, 173 connections.
 
Sort by date Sort by votes
Hi,

I had a similar problem with a cisco router doing nat translations and all of a sudden locking up. I also had to clear xlate to get it to work. The problem turned out to be a ram issue. I was maxing out the physical ram. We upgraded the memory and problem was solved. Hope this helps.
 
Upvote 0 Downvote
As the previous poster mentions, NAT uses a lot of memory to store all the translations active at the time. PAT uses even more memory as it has to store all the layer 4 translations too.

I've seen a PAT-enabled device max out the resources of a Cisco device before. The solution typically is either migrate away from PAT or buy more physical RAM
 
Upvote 0 Downvote
Hi all,

Thanks for your answers.
I'll have a look at the memory next time the pb occurs.

Right now, every goes OK and the "sh mem" gives me this :

Free memory: 4419240 bytes
Used memory: 12357976 bytes
------------- ----------------
Total memory: 16777216 bytes

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
638
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
607
intel233
intel233
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
497
nnaarrnn
nnaarrnn
steve777777
  • Locked
  • Question
Cisco ASA VPN+NAT
Replies
0
Views
110
steve777777
steve777777
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
153
PauS0n
PauS0n

Part and Inventory Search

Sponsor

Back
Top