Network Address
Translation Thresholds
Thresholds generate
alerts or alarms based on either the total number of Network Address
Translation (NAT) calls setup by the system during the specified
polling interval, or on the number of currently active calls only.
Syntax
Alerts or alarms are
triggered for call setups based on the following rules:
- Enter condition: Actual
number of call setups > or = High Threshold
- Clear condition: Actual
number of call setups < Low Threshold.
If a trigger condition
occurs within the polling interval, the alert or alarm will not
be generated until the end of the polling interval.
Default value is 0,
which means there will be no monitoring.
The polling interval
is in seconds and it is an integer between 30 and 60000. Entries
will be rounded up to the nearest 30 seconds.
Configuring NAT
Thresholds
This section
describes how to enable and configure NAT thresholds.
Enabling Thresholds
To enable thresholds
use the following configuration:
configure
threshold
monitoring firewall
context <context_name>
threshold
monitoring available-ip-pool-group
end
Notes:
The threshold monitoring
available-ip-pool-group command is required only if you
are configuring IP pool thresholds. It is not required if you are
only configuring NAT port-chunks usage threshold or many-to-one NAT.
Configuring Threshold
Poll Interval
To configure
threshold poll interval use the following configuration:
configure
threshold
poll ip-pool-used interval <interval>
threshold
poll nat-port-chunks-usage interval <interval>
end
Notes:
The threshold poll nat-port-chunks-usage interval command
is only applicable to many-to-one NAT.
Configuring Thresholds
Limits
To configure
threshold limits use the following configuration:
configure
context <context_name>
threshold
ip-pool-free <high_thresh> [ clear <low_thresh> ]
ip-pool-hold <high_thresh> [ clear <low_thresh> ]
ip-pool-release <high_thresh> [ clear <low_thresh> ]
ip-pool-used <high_thresh> [ clear <low_thresh> ]
exit
threshold
nat-port-chunks-usage <high_thresh> clear <low_thresh>
end
Notes:
- Thresholds configured
using the threshold
ip-pool-* commands in the Context Configuration
Mode apply to all IP pools in the context
- Thresholds configured
using the alert-threshold keyword
are specific to the pool that they are configured in, and will take
priority, i.e. will override the context-wide configuration mentioned above.
Saving Your Configuration
When you configure
thresholds they are not permanent unless you save the changes. When you
have completed configuring thresholds, save your configuration to
flash memory, an external memory device, and/or a network
location using the Exec mode command save configuration.
For additional information on how to verify and save configuration
files, refer to the System Administration Guide and the Command
Line Interface Reference.