Hi All,
We have a wifi network for guests that we route to the internet through an old PIX515 Firewall. We recently tuned the timers to lower values in order to "save" on resources and public address usage.
The timers we use are:
timeout xlate 0:30:00
timeout conn 0:30:00 half-closed 0:05:00 udp 0:02:00 icmp 0:00:02
While verifying the new timers, we noticed some xlate connections (TCP PAT) that are idle forever!!
Any ideas why?
sh xlate debug
TCP PAT from wifi_fw:10.110.20.7/49790 to OUTSIDE_TR:xx.282.45.202/65266 flags ri idle 29:33:54 timeout 0:00:30
In the connection table, I cannot find an idle connection for longer than 1h....