202010: NAT or PAT pool exhausted
Cisco ASA is a security device that provides the combined capabilities of a firewall, an antivirus, and an intrusion prevention system. It also facilitates virtual private network (VPN) connections.It helps to detect threats and stop attacks before they spread through the network.
Message: %ASA-3-202010:[NAT | PAT] pool exhausted forpool-name ,port range [1-511 | 512-1023 | 1024-65535]. Unable to create protocol connection fromin-interface:src-ip/src-port to out-interface:dst-ip/dst-port.
Event 202010 is generated when the ASA does not have any more address translation pools available. The message contains information on the:
- Name of the PAT or NAT pool.
- Protol used to create the connection.
- Ingress interface.
- Source IP address and port number.
- Egress interface.
- Destination IP address and port number.
How could you resolve this situation?
Use the 'show nat pool'and 'show nat detail'commands to determine why all addresses and ports in the pool are used up. If this occurs under normal conditions, then add additional IP addresses to the NAT/PAT pool.