Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

asa 8.3 timeout parameter in 'show xlate'

I'm running 8.3 on my ASA. If I do a 'show xlate', I have an idle parameter and a timeout parameter. Can anyone tell me what these mean, eg:

FW#sh xlate
1439 in use, 3223 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from INSIDE:180.10.34.173 to outside:193.105.212.5
    flags s idle 0:00:05 timeout 0:00:00

2 REPLIES
Cisco Employee

Re: asa 8.3 timeout parameter in 'show xlate'

I am not sure if it of value. It always shows 0:00:00.

Though, use "sh nat detail" to view xlate info in 8.3. "sh xlate" is no longer the best way to check your xlates.

I hope it helps.

PK

Silver

Re: asa 8.3 timeout parameter in 'show xlate'

Idle is the last time that xlate received a packet.  Timeout is when the xlate will be removed.  ie: once idle reaches timeout, then the xlate is removed.

For static translations, the timeout should always be 0 (infinity) as the ASA won't ever remove them.

For dynamic translations, the timeout is set either globally (timeout xlate 3:00:00 - by default), or on a flow basis with a policy-map.

For dynamic PAT translations, the timeout is hardcoded at 30 seconds, and cannot be configured.

Hope it helps,

David.

1062
Views
0
Helpful
2
Replies