You can't put percentage for xlates has it doesn't have limits Checkout http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mngcntxt.html#wp1113834
With regards Kings On Thu, May 10, 2012 at 2:33 PM, екатерина леонова <[email protected]>wrote: > Hi, guys! > > I have question regarding resource limitation in multicontext mode on > Cisco ASA. > I want to limit xlates per context proportionally (as a percentage), I > don't want to use absolute value. > > I know that xlate value is unlimited on Cisco ASA (as opposed to Cisco > FWSM. In Cisco FWSM there's limit for 256,000 concurrent NAT or PAT > translations). > > But as I see the output of command syntax, here it should be possibility > for using `%`: > > ASA1(config-class)# limit-resource xlates ? > > class mode commands/options: > WORD Value of resource limit (in <value> or <value>%) > > But I'm getting error when try to set value in %: > > ASA1(config-class)# limit-resource xlates 50% > ERROR: Capacity unknown for this resource type > > ASA1(config-class)# limit-resource xlates 50.00% > ERROR: Capacity unknown for this resource type > > So i'm considering some others ways to do it. > > As I know it could be more NAT entries than the maximum number of > concurrent connections. The number of active NAT translations (xlates) is > capped by the available memory, not the concurrent connection limit for the > platform. > There is information that it's spending around 260 bytes per xlate. > So we can try to calculate maximum number of xlates knowing amount of > memory for the platform. But my gut tells me that it's not correct solution) > > One more addition: > > If we type extremely large number for xlates in limit-resource class we > get finite value in show command: > > class LIMIT_XLATE > limit-resource xlates 999999999999999999999999 > > ASA1(config-class)# sh run class > > class TEST > limit-resource Xlates 2147483647 > > 2147483647 is actually (2^31) -1 > > Check the following: > > ASA1(config-ctx)# sh resource allocation | I Xlate > > Resource Total % of Avail > Xlates 2147483647(U) 0.00% > > But I'm sure that it's not possible to maintain that huge number per > platform. > > Any ideas? I'll be really appreciate for help. > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
