PIX1# sh xlate debug

klwilson · ‎01-04-2005

I need help interpreting the below. Xlate timeouts on this PIX are set for 3 hours. Host 192.168.5.4 is showing IDLE status with a 7 hour 35 minute xlate time. Shouldn't the PIX have timed the translation out after 3 hours, or am I reading this incorrectly? Thanks,

PIX1# sh xlate debug | grep 192.168.5.4

NAT from inside:192.168.5.4 to vBNS:192.168.5.4 flags s idle 7:35:00 timeout 3:00

:00

NAT from inside:192.168.5.4 to IDN:192.168.5.4 flags s idle 0:57:25 timeout 3:00:

00

PIX1# sh timeout

timeout xlate 3:00:00

timeout conn 2:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

scoclayton · ‎01-05-2005

You are reading this correctly. What version of code are you running on this PIX?

Scott

klwilson · ‎01-05-2005

6.3(3)

alutsik · ‎01-06-2005

As far as I understand "flags s" means that translation is static, and again to my understanding static translations are not going to expire from XLATE. FOr example, here's what I found inside my PIX:

NAT from inside:10.25.4.82 to dmz:10.25.4.82 flags s idle 325:30:04 timeout 3:00:00

Hope this would help.

Alex.

klwilson · ‎01-06-2005

OK, that helps. thanks!

scoclayton · ‎01-06-2005

Ooops, missed the static flag in the orginal post. Thanks for catching that and you are correct.

Scott