[c-nsp] Interesting NAToverload issue

Kevin Graham kgraham at industrial-marshmallow.com
Wed Feb 25 13:27:21 EST 2009



> Is there a solution to this problem? There is one single destination global 
> address. Is there a way to force the usage of the same IP from the NAT pool for 
> all NAT requests from a particular source IP?

As a short-term salve, have you looked at 'ip nat service fullrange'? Usage isn't
entirely clear (never used it as this seems to guarantee tickling bad filters in
the general case), but you should be able to then burn all 64k ports and alleviate
some impact.


More information about the cisco-nsp mailing list