CGNAT ISM active and inital session timeout

omadonche · ‎09-20-2013

Hi.

Does somebody know what is the purpose of initial and active session timeout for TCP and UDP sessions in CGNAT configuration. What are their default values. Documentation specifies how to configure it but not what exactly they do.

How to specify session idle timeout or maximum connection time like on other platforms.

Thanks

somnathr · ‎09-20-2013

Hi Omadon,

"Initial" session timeout is for duration when bi-direction traffic flow has not been established.

"Active" session timeout is used when bi-direction traffic flow has been established.

For UDP, initial is 30 sec, active is 120 sec.

For TCP, initial is 120 sec, active is 1800 sec.

Pl. refer to http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/cg_nat/configuration/guide/cgnat43cgn.html#wp1016170 for "how to configure".

regards,

Somnath.

omadonche · ‎09-21-2013

Thanks for the info Somnath.

Just to clarify "active" session timeout. This is total session time out or what? Let say I opened telnet session to some server and session is not idle for 1800 sec, will the session be terminated?

What is the time after normally closed TCP session are removed from NAT table?

Is it possible to emulate "idle session timeout" like on ASA devices.

Thanks

somnathr · ‎09-22-2013

Hi Omadon,

For TCP, suppose, once the bi-directional traffic flow is established, there is no traffic for 1800 sec (i.e., packet counter in NAT DB will not be updated). In that case, the NAT DB entry will be removed.

If RST/FIN packet is received, NAT DB entry goes into INACTIVE state and it is removed after "Initial" timer expiry (i.e., 120 sec).

You can send traffic via a TGEN (Traffic Generator) and can thus verify the behaviour.

regards,

Somnath.