Network Address Translation Thresholds

Thresholds generate alerts or alarms based on either the total number of Network Address Translation (NAT) calls set up by the system during the specified polling interval, or the number of currently active calls only.

Alerts or alarms are triggered for call setups based on the following rules:
  • Enter condition: Actual number of call setups >= High Threshold

  • Clear condition: Actual number of call setups < Low Threshold

If a trigger condition occurs within the polling interval, the alert or alarm will not be generated until the end of the polling interval.

The default value is 0, which means there will be no monitoring.

The polling interval is in seconds and it is an integer between 30 and 60000. Entries will be rounded up to the nearest 30 seconds.
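
The enter/clear rules and the polling-interval rounding described above, modelled as a small Python simulation. This is an added example, not code from the product or its documentation; the function names, the sample values, and the fallback of the clear threshold to the high threshold when none is given are assumptions.

```python
import math

MIN_POLL, MAX_POLL, STEP = 30, 60000, 30  # seconds, as stated in the text


def round_poll_interval(seconds):
    """Validate a poll interval and round it up to a multiple of 30 seconds."""
    if not isinstance(seconds, int) or not MIN_POLL <= seconds <= MAX_POLL:
        raise ValueError("poll interval must be an integer between 30 and 60000")
    return math.ceil(seconds / STEP) * STEP


def evaluate(samples, high, low=None, interval=30):
    """Return (seconds_elapsed, event, value) for one sample per poll interval.

    low=None falls back to high; that fallback is this example's assumption.
    """
    if high == 0:  # default value 0 means no monitoring
        return []
    low = high if low is None else low
    if low > high:
        raise ValueError("clear threshold must not exceed the high threshold")
    step = round_poll_interval(interval)
    events, active = [], False
    for n, value in enumerate(samples, start=1):
        at = n * step  # a condition is only reported at the end of an interval
        if not active and value >= high:  # enter: value >= High Threshold
            active = True
            events.append((at, "enter", value))
        elif active and value < low:      # clear: value < Low Threshold
            active = False
            events.append((at, "clear", value))
    return events


# Constructed samples: one measured value per polling interval.
SAMPLES = [40, 85, 70, 62, 59, 90, 30]

if __name__ == "__main__":
    # A requested 45-second interval is rounded up to 60 seconds.
    for event in evaluate(SAMPLES, high=80, low=60, interval=45):
        print(event)
```

With a clear threshold below the high threshold, the values 70 and 62 do not clear the condition, so a measurement hovering near the high threshold does not produce a stream of alternating events.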

Configuring NAT Thresholds

This section describes how to enable and configure NAT thresholds.

Enabling Thresholds

To enable thresholds, use the following configuration:

configure 
     threshold monitoring firewall 
     context <context_name> 
          threshold monitoring available-ip-pool-group 
          end 

Notes:

The threshold monitoring available-ip-pool-group command is required only if you are configuring IP pool thresholds. It is not required if you are only configuring NAT port-chunks usage threshold or many-to-one NAT.

Configuring Threshold Poll Interval

To configure the threshold poll interval, use the following configuration:

configure 
     threshold poll ip-pool-used interval <interval> 
     threshold poll nat-pkt-drop interval <interval> 
     threshold poll nat-port-chunks-usage interval <interval> 
     end 

Notes:

The threshold poll nat-port-chunks-usage interval command is only applicable to many-to-one NAT.

Configuring Threshold Limits

To configure threshold limits, use the following configuration:

configure 
     context <context_name> 
          threshold ip-pool-free <high_thresh> [ clear <low_thresh> ] 
          threshold ip-pool-hold <high_thresh> [ clear <low_thresh> ] 
          threshold ip-pool-release <high_thresh> [ clear <low_thresh> ] 
          threshold ip-pool-used <high_thresh> [ clear <low_thresh> ] 
          exit 
     threshold nat-pkt-drop <high_thresh> [ clear <low_thresh> ] 
     threshold nat-port-chunks-usage <high_thresh> [ clear <low_thresh> ] 
     end 

Notes:
  • Thresholds configured using the threshold ip-pool-* commands in the Context Configuration Mode apply to all IP pools in the context.

  • Thresholds configured using the alert-threshold keyword are specific to the pool that they are configured in, and will take priority, i.e. will override the context-wide configuration mentioned above.

Saving Your Configuration

Thresholds that you configure are not permanent unless you save the changes. When you have completed configuring thresholds, save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration. For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.