Can you post the output of the following commands:
'show run class-map'
'show run policy-map'
'show run service-policy'
'show run sysopt'
'show run flow-export'
We would want to check if you have any custom timeouts configured via MPF. Also, there is a bug with a combination of sysopt and flow-export commands that hold connections open forever. The above output would help us rule out both of these.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...