Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1556
Views
0
Helpful
1
Replies

Xlate Timeouts

pavlosd
Level 2
Level 2

‎06-11-2012 02:08 AM - edited ‎03-12-2019 06:03 PM

Hi All,

We have a wifi network for guests, that we route to internet through an old PIX515 Firewall. We recently tuned the timers to lower values in order to "save" on resources and publix address usage.

The timers we use are:

timeout xlate 0:30:00

timeout conn 0:30:00 half-closed 0:05:00 udp 0:02:00 icmp 0:00:02

Through verifying the new timers, we noticed at some xlate connections (TCP PAT) that are idle for ever!!

Any ideas why?

sh xlate debug

TCP PAT from wifi_fw:10.110.20.7/49790 to OUTSIDE_TR:xx.282.45.202/65266 flags ri idle 29:33:54 timeout 0:00:30

In the connection table, I cannot find an idle connection for longer than 1h....

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎06-11-2012 10:18 PM

What version of software are you running? there might be bug in that particular version.

Also, is that static or dynamic NAT?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card