Cisco ASA Nat rule - Timeout

Unanswered Question
Dec 2nd, 2009


We installed a cisco asa 5510 in front of our netwerk with a natrule point to the owa publishing rule of an MS Isa.

Since we placed the asa in front of our network, clients are complaining that the sessions are disconnected after 3 minutes.

Can this timeout finetuned on a cisco asa 5510

Best regards


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (2 ratings)
busterswt Wed, 12/02/2009 - 19:54

Am I right to assume you've configured a dynamic NAT rule? If so, are you using only one IP in the pool? How many clients do you have? There is an xlate timeout that defaults to 3 hours, but perhaps it is different in your config. The line is 'xlate timeout xx:xx:xx' (hours,minutes,seconds). You might try increasing the value to see if it helps. Of course, I could be way off-base here, so take my advice with a grain of salt.

jorg.ramakers Thu, 12/03/2009 - 00:46


Sorry about my incomplete post.

I created a static nat entry.  Is the xlate time-out related to a static nat entry?  In my opinion,only to the dynamic pool as you suggested.

I was thinking more in the direction of tcp time-out, but can't imagine that this is related to this.

The server team told me that the isa time-out was configured to 30 min.

Best regards


busterswt Thu, 12/03/2009 - 05:28

Thanks for the new info. In my previous comment I was looking at it from an outbound client perspective, thus my question about dynamic nat. In the case of the xlate timeout, it is used for both static and dynamic NAT. I doubt that's the issue here though.

There is a connection timeout setting on the ASA -- timeout conn 1:00:00 -- that defaults to one hour. A connection reset after only 3 minutes seems strange. If you wouldn't mind posting a sanitized config here maybe someone can shed some light on it.

jorg.ramakers Tue, 12/08/2009 - 23:45


Thanks for the assistance, issue is solved.  It was a timeout issue on the Mircrosoft ISA

Best Regards



This Discussion