Dynamic Nat Disadvantages And Advantages - Cisco ASA Series Configuration Manual

Firewall cli, asa services module, and the adaptive security virtual appliance
Chapter 9
Network Address Translation (NAT)
The following figure shows a remote host attempting to initiate a connection to a mapped address. This
address is not currently in the translation table; therefore, the ASA drops the packet.
Figure 9-3 Remote Host Attempts to Initiate a Connection to a Mapped Address
[Figure not reproduced. Diagram labels: Web Server www.example.com; Outside; 209.165.201.2; 209.165.201.10; Security Appliance; 10.1.2.1; Inside; 10.1.2.27]

Dynamic NAT Disadvantages and Advantages

Dynamic NAT has these disadvantages:
• If the mapped pool has fewer addresses than the real group, you could run out of addresses if the amount of traffic is more than expected.
  Use PAT or a PAT fall-back method if this event occurs often because PAT provides over 64,000 translations using ports of a single address.
• You have to use a large number of routable addresses in the mapped pool, and routable addresses may not be available in large quantities.

The advantage of dynamic NAT is that some protocols cannot use PAT. PAT does not work with the following:
• IP protocols that do not have a port to overload, such as GRE version 0.
• Some multimedia applications that have a data stream on one port, the control path on another port, and are not open standard.

See Default Inspections and NAT Limitations, page 12-6 for more information about NAT and PAT support.
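The pool-exhaustion and PAT limits described above, modelled in an added Python example (not code from the Cisco guide, and a simplification of real ASA behaviour). The class name, the two-address pool starting at 209.165.201.10, the use of 209.165.201.2 as the PAT address and the extra inside hosts are assumptions made for illustration.

```python
import ipaddress

PORTLESS = {"gre"}  # IP protocols with no port field for PAT to overload

class DynamicNat:
    """Simplified model of dynamic NAT with optional PAT fall-back (hypothetical)."""

    def __init__(self, pool_first, pool_last, pat_address=None):
        first = int(ipaddress.ip_address(pool_first))
        last = int(ipaddress.ip_address(pool_last))
        self.free = [str(ipaddress.ip_address(i)) for i in range(first, last + 1)]
        self.pat_address = pat_address
        self.nat = {}          # real IP -> mapped IP (one address per real host)
        self.pat = {}          # (real IP, proto, real port) -> mapped port
        self.next_port = 1024  # ports 1024-65535 give 64,512 PAT translations

    def outbound(self, real_ip, proto, real_port=None):
        """Return (mapped_ip, mapped_port), or None if the packet is dropped."""
        if real_ip in self.nat:              # existing translation is reused
            return self.nat[real_ip], real_port
        if self.free:                        # dynamic NAT: take a pool address
            self.nat[real_ip] = self.free.pop(0)
            return self.nat[real_ip], real_port
        # Pool exhausted: PAT fall-back only helps protocols that carry ports.
        if self.pat_address is None or proto in PORTLESS:
            return None
        key = (real_ip, proto, real_port)
        if key not in self.pat:
            if self.next_port > 65535:       # PAT ports exhausted as well
                return None
            self.pat[key] = self.next_port
            self.next_port += 1
        return self.pat_address, self.pat[key]

    def inbound(self, mapped_ip, proto, mapped_port=None):
        """Return the real (ip, port), or None when no translation exists."""
        for real_ip, mapped in self.nat.items():
            if mapped == mapped_ip:
                return real_ip, mapped_port
        if mapped_ip == self.pat_address:
            for (real_ip, p, real_port), port in self.pat.items():
                if p == proto and port == mapped_port:
                    return real_ip, real_port
        return None                          # not in the table: dropped

if __name__ == "__main__":
    nat = DynamicNat("209.165.201.10", "209.165.201.11", pat_address="209.165.201.2")
    for host in ("10.1.2.27", "10.1.2.28", "10.1.2.29"):  # constructed inside hosts
        print(host, "->", nat.outbound(host, "tcp", 40000))
```

The third host finds the pool empty and receives a port on the PAT address; the same host sending GRE at that point gets no translation at all.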
Cisco ASA Series Firewall CLI Configuration Guide
Dynamic NAT
9-13
