CGNAT ISM active and initial session timeout

Unanswered Question
Sep 20th, 2013

Hi.


Does somebody know what the purpose of the initial and active session timeouts is for TCP and UDP sessions in a CGNAT configuration? What are their default values? The documentation specifies how to configure them but not what exactly they do.


How do I specify a session idle timeout or maximum connection time like on other platforms?


Thanks

somnathr Fri, 09/20/2013 - 03:59
User Badges:
  • Cisco Employee,

Hi Omadon,


"Initial" session timeout is for the duration when bi-directional traffic flow has not been established.

"Active" session timeout is used when bi-directional traffic flow has been established.


For UDP, initial is 30 sec, active is 120 sec.

For TCP, initial is 120 sec, active is 1800 sec.


Please refer to http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/cg_nat/configuration/guide/cgnat43cgn.html#wp1016170 for "how to configure".


regards,

Somnath.

omadonche Sat, 09/21/2013 - 21:56

Thanks for the info Somnath.


Just to clarify the "active" session timeout: is this the total session timeout, or what? Let's say I opened a telnet session to some server and the session is not idle for 1800 sec, will the session be terminated?


What is the time after which normally closed TCP sessions are removed from the NAT table?


Is it possible to emulate an "idle session timeout" like on ASA devices?


Thanks

somnathr Sun, 09/22/2013 - 20:10
User Badges:
  • Cisco Employee,

Hi Omadon,


For TCP, suppose, once the bi-directional traffic flow is established, there is no traffic for 1800 sec (i.e., packet counter in NAT DB will not be updated). In that case, the NAT DB entry will be removed.


If an RST/FIN packet is received, the NAT DB entry goes into INACTIVE state and it is removed after "Initial" timer expiry (i.e., 120 sec).


You can send traffic via a TGEN (Traffic Generator) and can thus verify the behaviour.


regards,

Somnath.
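
The timer behaviour described in the replies above, modelled as an added example (not part of the original thread and not Cisco code). The class, function and flow names are hypothetical, the sample flows are constructed, and two points the thread does not state are assumptions marked in the comments: that every translated packet restarts the running timer, and that traffic after FIN/RST does not.

```python
# Added illustration (not Cisco code). Defaults are the ones quoted in the thread.
TIMEOUTS = {"udp": {"initial": 30, "active": 120},
            "tcp": {"initial": 120, "active": 1800}}  # seconds

class NatEntry:
    """One NAT DB entry; class and field names are hypothetical."""
    def __init__(self, proto, now):
        self.proto, self.state = proto, "INITIAL"
        self.seen = set()   # directions observed so far: "out", "in"
        self.last = now     # when the running timer was last restarted

    def deadline(self):
        timer = "active" if self.state == "ACTIVE" else "initial"
        return self.last + TIMEOUTS[self.proto][timer]

    def packet(self, now, direction, flags=""):
        if self.state == "INACTIVE":
            return          # assumption: traffic after FIN/RST does not refresh
        self.last = now     # assumption: every translated packet restarts the timer
        self.seen.add(direction)
        if self.proto == "tcp" and ("F" in flags or "R" in flags):
            self.state = "INACTIVE"   # removed after the "initial" timer
        elif self.seen == {"out", "in"}:
            self.state = "ACTIVE"     # bi-directional flow established

def removal_time(proto, packets):
    """packets: time-sorted (time, direction, tcp_flags). Returns when the
    entry created by the first packet is removed from the NAT DB."""
    entry = NatEntry(proto, packets[0][0])
    for now, direction, flags in packets:
        if now >= entry.deadline():
            break           # entry had already aged out before this packet
        entry.packet(now, direction, flags)
    return entry.deadline()

# Constructed sample flows (seconds since first packet)
SYN_ONLY = [(0, "out", "S")]
TELNET = [(0, "out", "S"), (1, "in", "SA")] + \
         [(t, "out", "PA") for t in range(600, 3601, 600)]
CLOSED = [(0, "out", "S"), (1, "in", "SA"), (50, "out", "FA"), (51, "in", "FA")]
DNS = [(0, "out", ""), (5, "in", "")]

if __name__ == "__main__":
    for name, proto, flow in [("syn-only", "tcp", SYN_ONLY), ("telnet", "tcp", TELNET),
                              ("closed", "tcp", CLOSED), ("dns", "udp", DNS)]:
        print(name, removal_time(proto, flow))
```

Under these assumptions the telnet flow, which sends a packet every 600 s, is only removed 1800 s after its last packet, while the half-open and closed TCP flows age out on the 120 s "initial" timer.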
