Port Address Translation
- Chapter 1. Introduction to Security Technologies
- from Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition
- Publisher: Cisco Press
- Released: April 2014
The per-session PAT feature improves the scalability of PAT and, for clustering, allows each member unit to own PAT connections; multi-session PAT connections have to be forwarded to and owned by the master unit. At the end of a per-session PAT session, the ASA sends a reset and immediately removes the xlate. This reset causes the end node to immediately release the connection, avoiding the TIME_WAIT state. Multi-session PAT, on the other hand, uses the PAT timeout, by default 30 seconds. For “hit-and-run” traffic, such as HTTP or HTTPS, the per-session feature can dramatically increase the connection rate supported by one address. Without the per-session feature, the maximum connection rate for one address for an IP protocol is appro...