Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
Setting Connection Limits in the NAT Configuration
The NAT configuration lets you set some options for traffic that cannot be set anywhere else, including
the following:
• Setting the maximum connections—The maximum number of simultaneous TCP and/or UDP connections for the entire subnet, up to 65,536.
• Setting the maximum embryonic connections—The maximum number of embryonic connections per host, up to 65,536. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination. Setting this limit enables the TCP intercept feature. (See the “Other Protection Features” section on page 1-6 for more information.)
• Disabling TCP sequence number randomization—Use this option only if another in-line firewall is also randomizing sequence numbers and the result is scrambling the data.
When you do not want to use NAT, such as for a transparent firewall or same security interfaces, you can
set these options in an identity NAT statement or a NAT exemption statement.
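The following configuration is an added illustration, not taken from this guide, of where the three options sit in a NAT statement. The interface names, NAT IDs, addresses, and limit values are constructed, and the option order `[tcp] tcp_max_conns [emb_limit] [norandomseq] [udp udp_max_conns]` is assumed from the FWSM `nat` command syntax, which this section does not show.

```text
! Constructed example: interface names, NAT IDs, addresses and limits are placeholders.
! Assumed option order: [tcp] tcp_max_conns [emb_limit] [norandomseq] [udp udp_max_conns]

! Dynamic NAT for the inside subnet:
!   tcp 2000  -> at most 2000 simultaneous TCP connections for the whole subnet
!   100       -> at most 100 embryonic connections per host (enables TCP intercept)
!   udp 500   -> at most 500 simultaneous UDP connections for the whole subnet
nat (inside) 1 10.1.1.0 255.255.255.0 tcp 2000 100 udp 500
global (outside) 1 209.165.201.10-209.165.201.20

! Identity NAT (NAT ID 0): addresses are not translated, but the
! connection limits still apply to traffic matching the statement.
nat (dmz) 0 10.1.2.0 255.255.255.0 tcp 1000 50

! Sequence number randomization disabled on one subnet only, for the case
! where another in-line firewall already randomizes sequence numbers.
nat (lab) 0 10.1.3.0 255.255.255.0 tcp 1000 50 norandomseq
```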
Using Dynamic NAT and PAT
This section includes the following topics:
• Dynamic NAT and PAT Implementation
• Configuring NAT or PAT