cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1357
Views
0
Helpful
2
Replies

asa 8.3 timeout parameter in 'show xlate'

Tony Beltram
Level 1
Level 1

I'm running 8.3 on my ASA. If I do a 'show xlate', I have an idle parameter and a timeout parameter. Can anyone tell me what these mean, eg:

FW#sh xlate
1439 in use, 3223 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from INSIDE:180.10.34.173 to outside:193.105.212.5
    flags s idle 0:00:05 timeout 0:00:00

2 Replies 2

Panos Kampanakis
Cisco Employee
Cisco Employee

I am not sure if it of value. It always shows 0:00:00.

Though, use "sh nat detail" to view xlate info in 8.3. "sh xlate" is no longer the best way to check your xlates.

I hope it helps.

PK

David White
Cisco Employee
Cisco Employee

Idle is the last time that xlate received a packet.  Timeout is when the xlate will be removed.  ie: once idle reaches timeout, then the xlate is removed.

For static translations, the timeout should always be 0 (infinity) as the ASA won't ever remove them.

For dynamic translations, the timeout is set either globally (timeout xlate 3:00:00 - by default), or on a flow basis with a policy-map.

For dynamic PAT translations, the timeout is hardcoded at 30 seconds, and cannot be configured.

Hope it helps,

David.

Review Cisco Networking for a $25 gift card