Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
48912
Views
5
Helpful
0
Comments

How to configure a NAT translation timeout

TCC_2
Level 10
Level 10

‎06-22-2009 06:16 PM - edited ‎03-01-2019 04:20 PM

 

Introduction

How to configure a NAT translation timeout

Core Issue

Dynamic Network Address Translation (NAT) creates entries in the table when a packet crosses from the inside NAT interface to the outside NAT interface, or the other way around. These entries have a default timeout value of 86400 seconds (24 hours), after which they are removed from the table if there is no activity for the duration of the timeout. Static NAT entries never time out and always remain in the table.

Resolution

When using dynamic NAT, reducing the timeout value may be necessary when the duration of communication between the end-hosts is short, and a small pool of global addresses is used for translating a larger pool of local addresses. This allows the existing NAT entries to expire quickly so that the global addresses can be reused by the local addresses.

To modify the timeout value from the default, issue the ip nat translation timeout seconds |  never command from the global configuration mode. If NAT overloading is configured with dynamic translation, you can modify the timeout values on a protocol basis.

Configuring translation timeouts

ip nat translation timeout <seconds>


Dynamic translations time out after a period of non-use. When port translation is not configured, translation entries time out after 24 hours. This time can be adjusted with the above command or the following variations:

ip nat translation udp-timeout <seconds>
ip nat translation dns-timeout <seconds>
ip nat translation tcp-timeout <seconds>
ip nat translation finrst-timeout <seconds>


When port translation is configured, there is finer control over translation entry timeouts, because each entry contains more context about the traffic using it. Non-DNS UDP translations time out after 5 minutes; DNS times out in 1 minute. TCP translations time out after 24 hours, unless a RST or FIN is seen on the stream, in which case it times out in 1 minute.


Exec Commands

• Showing active translations
show ip nat translations [ verbose ]

• Showing translation statistics
show ip nat statistics

• Clearing dynamic translations
clear ip nat translation *
Clears all dynamic translations.
clear ip nat translation <global-ip>
Clears a simple translation.
clear ip nat translation <global-ip> &ltlocal-ip> <proto> <global-port> <local-port>
Clears a particular dynamic translation.

• Debugging
debug ip nat [ <list> ] [ detailed ]

Reference

Cisco IOS Network Address Translation Overview

Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents