[c-nsp] NAT/PAT question
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Mon May 2 09:56:12 EDT 2005
Goran Gajic wrote on Monday, May 02, 2005 2:07 PM:
> Problem is not with CEF load sharing since 12.3(14)T has NAT inside
> CEF and that is not an issue.
I meant load-sharing further up in the network towards your NAT-router..
> Issue is that many servers (irc/icq/p2p
> etc.) consider so many users coming from one ip address as abuse.
Hmm, ouch.. do you happen to have some reference regarding this
abuse-policy?
> That is reason why I need PAT to use as many address inside pool as
> it can. Unfortunately design of my network is such that there is no
> option to use 1:1 mapping.
Let me check with some NAT folks if there is anything in the works to
alter the behavior..
oli
>
> On Mon, 2 May 2005, Oliver Boehmer (oboehmer) wrote:
>
>>
>>>
>>> We have 7206VXR running IOS 12.3(14)T. It is configured to run
>>> PAT (NAT overload). We have nat pool range from x.y.z.64 to
>>> x.y.z.254. But, problem I see is that only first address is always
>>> used for PAT translations. Is there any way to make PAT use all ip
>>> address in pool. Here is part from running-config:
>>
>> PAT algorithm is documented at
>>
>> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_q_and_a_item09186a00800e523b.shtml#Q14
>>
>> It confirms your observation.
>>
>>> So, my question is: why only one ip address is always allocated?
>>> What can be done to make PAT use all ip address in pool randomly?
>>> I've looked through cisco documentation but couldn't find anything.
>>> Since users are PAT-ed through one ip address in pool it makes quite
>>> a big problem.
>>
>> Why so? What is the problem you're experiencing? CEF load-sharing
>> could be an issue..
>>
>> oli
>>