[c-nsp] NAT translation rate limit issue

Ziv Leyes zivl at gilat.net
Sun Nov 21 04:45:05 EST 2010


Hi,

"ip nat trans max-entries list 20 200" will limit ALL users on the ACL together to a total of 200; I don't think you want this.
You'd better use "ip nat trans max-entries all-host 200", which will give a limit of 200 entries to each host.

Hope this helps,
Ziv



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of gregory williamson
Sent: Friday, November 19, 2010 1:20 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] NAT translation rate limit issue

Hi

I could use some assistance. We are trying to limit simultaneous connections by users and 10000 for everything else. This is to prevent users from using certain programs like bit torrent, etc. When we add the following command to the router the NAT translation table fills and crashes and reloads. The 200 connections command we use does not seem to be doing what we hoped. Does the 200 rate limit count per user or for all users based on the commands we used? What is the best way to fix it?

Thanks for any assistance.

Greg

The following lines were added to the config of our 2811:

ip nat trans max-entries list 20 200  -limits users to 200 NAT Translations

  (ACL 20 selects all 192.168.#.# except 192.168.10.#)

ip nat trans max-entries host 192.168.10.13 10000  -allows 10000 NAT Translations

ip nat trans max-entries host 192.168.10.14 10000

ip nat trans max-entries host 192.168.10.15 10000

ip nat trans max-entries host 192.168.10.22 10000

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

 
 
************************************************************************************
This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
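
The difference described in the reply, as an added illustration that is not part of the original thread: a small Python model of NAT entry accounting in which "list" applies one shared budget to every host the ACL matches, while "all-host" gives each host its own budget. The host addresses, workload and function names are constructed, and the model follows the semantics stated in the reply, not IOS internals (no entry timeouts are modelled).

```python
from collections import Counter

def simulate(attempts, shared_limit=None, per_host_limit=None):
    """Count accepted NAT translations per inside host.

    attempts       -- inside host addresses, one per new translation, in arrival order
    shared_limit   -- one budget for all hosts together ('list <acl> <n>' as described)
    per_host_limit -- a separate budget for every host ('all-host <n>' as described)
    """
    accepted = Counter()
    total = 0
    for host in attempts:
        if shared_limit is not None and total >= shared_limit:
            continue  # shared budget exhausted: refused, whoever is asking
        if per_host_limit is not None and accepted[host] >= per_host_limit:
            continue  # only this host has hit its own ceiling
        accepted[host] += 1
        total += 1
    return accepted

# Constructed workload: one peer-to-peer client opens 1000 flows first,
# then 20 ordinary hosts open 30 flows each.
HEAVY = "192.168.1.50"
NORMAL = [f"192.168.1.{i}" for i in range(100, 120)]
WORKLOAD = [HEAVY] * 1000 + [h for h in NORMAL for _ in range(30)]

def summarise(accepted):
    """Reduce per-host counts to the figures an operator would look at."""
    return {
        "heavy_host_entries": accepted[HEAVY],
        "normal_hosts_served": sum(1 for h in NORMAL if accepted[h] > 0),
        "table_size": sum(accepted.values()),
    }

def compare(limit=200):
    """Run the same workload under both limit styles."""
    return {
        "list": summarise(simulate(WORKLOAD, shared_limit=limit)),
        "all-host": summarise(simulate(WORKLOAD, per_host_limit=limit)),
    }

if __name__ == "__main__":
    for mode, result in compare().items():
        print(mode, result)
```

In this model the shared budget is consumed entirely by the first busy host and every other user is refused, while the per-host budget caps the busy host at 200 and lets the table grow to at most (number of hosts x limit) entries.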