Disadvantages of PAT
Using PAT has some disadvantages because it takes away end-to-end reachability. These disadvantages
are as follows:
- You cannot use Ping from an outside host to a host in the private network.
- Telnet from an outside host to an inside host is not forwarded unless the Telnet port handler
  is configured.
- Only one FTP server and one Telnet server are supported on the inside network.
- Packets destined for the router itself and not an inside network IP address, such as DHCP,
  SNMP, PING, or TFTP, are not rejected or filtered by PAT.
- Because the 700 series is a low-end solution, if more than 12 PCs try to boot up simultaneously
  on the inside, one or more might get an error message about not being able to
  access the server.
- The PAT table is limited to 400 entries for the inside machines to share. If TCP translations
  are set up and the TCP timeouts are kept alive, no more than 400 machines can get to the
  outside world at any one time.
- The Cisco 700 series router with PAT enabled does not handle any fragmented FTP packets;
  this needs to be noted when troubleshooting.
- Some well-known ports cannot have port handlers defined. They include the following:
  - DHCP client ports used by the router for getting DHCP server responses
  - WINS NetBIOS ports used by the inside network clients operating Windows 95 PCs to
    get WINS information
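
The following Python model is an added example, not code from the original text or from Cisco. It shows why unsolicited inbound Telnet is not forwarded without a port handler, why only one inside server per service is reachable, and what happens when the 400-entry table fills. The class and function names, the starting port 5000, the sample addresses, and the one-entry-per-flow accounting are assumptions made for illustration.

```python
# Simplified model of a PAT (port address translation) table. Constructed for
# illustration; it is not the Cisco 700 implementation.
PAT_TABLE_LIMIT = 400  # entry limit stated in the text

class PatRouter:
    def __init__(self, outside_ip, first_port=5000):
        self.outside_ip = outside_ip
        self.next_port = first_port      # assumed starting port for translations
        self.table = {}                  # (proto, in_ip, in_port) -> outside port
        self.reverse = {}                # (proto, outside port) -> (in_ip, in_port)
        self.handlers = {}               # (proto, outside port) -> inside server IP

    def set_port_handler(self, proto, port, inside_ip):
        # One handler per well-known port: a second server replaces the first,
        # which is why only one FTP and one Telnet server can be reached.
        self.handlers[(proto, port)] = inside_ip

    def outbound(self, proto, in_ip, in_port):
        """Translate an inside flow; return (outside_ip, port) or None if full."""
        key = (proto, in_ip, in_port)
        if key not in self.table:
            if len(self.table) >= PAT_TABLE_LIMIT:
                return None              # table exhausted: new flow is refused
            self.table[key] = self.next_port
            self.reverse[(proto, self.next_port)] = (in_ip, in_port)
            self.next_port += 1
        return (self.outside_ip, self.table[key])

    def inbound(self, proto, dst_port):
        """Return the inside (ip, port) for a packet sent to the outside address."""
        if (proto, dst_port) in self.reverse:        # reply to an existing flow
            return self.reverse[(proto, dst_port)]
        if (proto, dst_port) in self.handlers:       # configured port handler
            return (self.handlers[(proto, dst_port)], dst_port)
        return None                                  # no inside host receives it

def demo():
    r = PatRouter("203.0.113.1")                     # constructed sample address
    results = {"telnet_before": r.inbound("tcp", 23)}
    r.set_port_handler("tcp", 23, "10.0.0.5")
    r.set_port_handler("tcp", 23, "10.0.0.6")        # second server wins
    results["telnet_after"] = r.inbound("tcp", 23)
    flows = [r.outbound("tcp", f"10.0.0.{h % 250 + 1}", 1024 + h) for h in range(401)]
    results["accepted"] = sum(f is not None for f in flows)
    results["reply"] = r.inbound("tcp", flows[0][1])
    return results

if __name__ == "__main__":
    print(demo())
```

The model does not cover traffic addressed to the router itself (DHCP, SNMP, PING, TFTP), which the text notes PAT does not filter, so that traffic needs its own access control.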