[c-nsp] NAT/PAT question
Goran Gajic
ggajic at sbb.co.yu
Mon May 2 08:07:15 EDT 2005
Problem is not with CEF load sharing since 12.3(14)T has NAT inside CEF
and that is not an issue. Issue is that many server (irc/icq/p2p etc.)
consider so many users coming from one ip address as abuse. That is reason
why I need PAT to use as many address inside pool as it can. Unfotunately
design of my network is suck that there is no option to use 1:1 mapping.
Regards,
Goran Gajic
On Mon, 2 May 2005, Oliver Boehmer (oboehmer) wrote:
>
>>
>> We have 7206VXR running IOS 12.3(14)T. It is configured to run
>> PAT (NAT overload). We have nat pool range from x.y.z.64 to
>> x.y.z.254. But, problem I see is that only first address is always
>> used for PAT translations. Is there any way to make PAT use all ip
>> address in pool. Here is part from running-config:
>
> PAT algorithm is documented at
> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_q_and_a_item091
> 86a00800e523b.shtml#Q14
>
> It confirms your observation.
>
>> So, my question is: why only one ip address is always allocated?
>> What can be done to make PAT use all ip address in pool randomly?
>> I've looked through cisco documentation but couldn't find anything.
>> Since users are PAT-ed through one ip address in pool it makes quite
>> a big problem.
>
> Why so? What is the problem you're experiencing? CEF load-sharing could
> be an issue..
>
> oli
>
More information about the cisco-nsp
mailing list