I need help with regard to clarification of Hide NAT. According to sk27396, Hide NAT has a limitation of 50.000 simultaneous connections to the same destination. And one of the recommendations provided in the same sk27396 is to hide behind a range of addresses instead of hiding behind a single address. Therefore, I need clarification on the following questions that I have:
1. When hiding behind a range of addresses, how is the range IP allocated? Does it use the first available IP in the range, and when it reaches the maximum number of allowed connections (50.000), automatically start using the next available IP in the range, or can we as administrators influence how the IPs in the range for Hide NAT are allocated?
2. Is there any command to verify the number of simultaneous connections to the same destination on the Firewall?
The reason for my questions is that I am hiding a network of many users (e.g. 10.10.0.0/18) behind a single IP address, and they all establish simultaneous connections to the DNS server which is on the Internet, leaving my internal network with the single public IP address assigned for Hide NAT. The users of this network use it in order to perform multiple sales transactions.
Your help will be really appreciated.