11-22-2010 01:53 AM - edited 03-11-2019 12:12 PM
I'm running 8.3 on my ASA. If I do a 'show xlate', I have an idle parameter and a timeout parameter. Can anyone tell me what these mean, e.g.:
FW#sh xlate
1439 in use, 3223 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from INSIDE:180.10.34.173 to outside:193.105.212.5
flags s idle 0:00:05 timeout 0:00:00
11-22-2010 09:29 AM
I am not sure if it is of value. It always shows 0:00:00.
Though, use "sh nat detail" to view xlate info in 8.3. "sh xlate" is no longer the best way to check your xlates.
I hope it helps.
PK
11-24-2010 09:38 AM
Idle is the last time that xlate received a packet. Timeout is when the xlate will be removed, i.e., once idle reaches timeout, then the xlate is removed.
For static translations, the timeout should always be 0 (infinity) as the ASA won't ever remove them.
For dynamic translations, the timeout is set either globally (timeout xlate 3:00:00 - by default), or on a flow basis with a policy-map.
For dynamic PAT translations, the timeout is hardcoded at 30 seconds, and cannot be configured.
Hope it helps,
David.
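The idle/timeout relationship described in the answer above, applied to `show xlate` output, as an added example that is not part of the thread. It assumes the two-line entry layout quoted in the question; the second sample entry is constructed, and the function names are hypothetical.

```python
import re
from datetime import timedelta

# First entry is the output quoted in the question; the second entry is
# constructed for illustration (dynamic flag, 3:00:00 xlate timeout).
SAMPLE = """\
NAT from INSIDE:180.10.34.173 to outside:193.105.212.5
    flags s idle 0:00:05 timeout 0:00:00
NAT from INSIDE:10.0.0.7 to outside:192.0.2.10
    flags i idle 2:59:30 timeout 3:00:00
"""

ENTRY = re.compile(
    r"NAT from (?P<src>\S+) to (?P<dst>\S+)\s+"
    r"flags (?P<flags>.*?)\s*idle (?P<idle>\d+:\d\d:\d\d)"
    r" timeout (?P<timeout>\d+:\d\d:\d\d)"
)

def hms(text):
    """Convert the ASA's H:MM:SS field into a timedelta."""
    h, m, s = (int(part) for part in text.split(":"))
    return timedelta(hours=h, minutes=m, seconds=s)

def parse_xlate(output):
    """Return one dict per xlate with the time left before removal."""
    entries = []
    for m in ENTRY.finditer(output):
        idle, timeout = hms(m["idle"]), hms(m["timeout"])
        # A timeout of 0:00:00 means the xlate is never removed (static).
        permanent = timeout == timedelta(0)
        # Otherwise the xlate is removed once idle reaches timeout.
        remaining = None if permanent else max(timeout - idle, timedelta(0))
        entries.append({"src": m["src"], "dst": m["dst"], "flags": m["flags"],
                        "permanent": permanent, "remaining": remaining})
    return entries

def expiring_within(entries, window):
    """Xlates that will be removed within `window` if they stay idle."""
    return [e for e in entries
            if not e["permanent"] and e["remaining"] <= window]

if __name__ == "__main__":
    for e in parse_xlate(SAMPLE):
        left = "never removed" if e["permanent"] else f"removed in {e['remaining']}"
        print(f"{e['src']} -> {e['dst']} [{e['flags']}]: {left}")
```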