A follow-up question to that posted by a user on May 3rd, 2009.
On my 2621XM that uses DHCP to obtain an IP address from my ISP, I have a reflexive ACL that allows all inside-originated traffic out and responses back in.
I do successfully obtain an IP address and all connectivity from inside works well - for about 20 minutes. After 20 minutes or so (the time can vary), I lose communication to the internet.
The router still has the IP address but I can no longer reach the ISP or anywhere else. A simple shut/no shut of the outside interface restores communication. I don't see any errors or messages in the log file. I don't see anything in debug of ip packets to indicate why it would stop functioning. I've increased the ACL aging value to 1 hour (3600 seconds).
It is not an issue with the ISP as when I use my Linksys rather than the 2621 I don't lose connectivity.
Reflexive access list entries expire after no packets in the session have been detected for a certain length of time (the "timeout" period). You can specify the timeout for a particular reflexive access list when you define the reflexive access list. But if you do not specify the timeout for a given reflexive access list, the list will use the global timeout value instead.
The global timeout value is 300 seconds by default, but you can change the global timeout to a different value at any time.
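To make the two timeout scopes concrete, here is an added example IOS configuration (not taken from the thread or from Cisco documentation) for a DHCP-addressed outside interface: one reflect statement carries its own timeout, another falls back to the global value. The ACL names, interface name, and the explicit DHCP permit on the inbound list are assumptions for illustration.

```cisco
! Global reflexive timeout (default 300 s). Used by every reflect
! statement that does not carry its own "timeout" keyword.
ip reflexive-list timeout 3600
!
! Outbound ACL applied to inside-originated traffic leaving the router.
! Each matching packet creates or refreshes a temporary reflexive entry.
ip access-list extended OUTSIDE-OUT
 ! Per-statement timeout: TCP entries live 3600 s after the last packet,
 ! regardless of the global value.
 permit tcp any any reflect REFLECT-OUT timeout 3600
 ! No timeout keyword: UDP entries use the global value (3600 s here).
 permit udp any any reflect REFLECT-OUT
!
! Inbound ACL: only return traffic matching a live reflexive entry is
! allowed, plus the replies the router's own DHCP client needs (assumed
! necessary because an inbound ACL also filters traffic to the router).
ip access-list extended OUTSIDE-IN
 permit udp any eq bootps any eq bootpc
 evaluate REFLECT-OUT
 deny ip any any log
!
interface FastEthernet0/0
 ip address dhcp
 ip access-group OUTSIDE-OUT out
 ip access-group OUTSIDE-IN in
!
! Verification (exec mode): temporary entries and their remaining lifetime.
!   show access-lists REFLECT-OUT
!   show access-lists OUTSIDE-IN
```

The deny line with log makes return traffic that arrives after an entry has expired visible in the log, which is the first check when inside-originated sessions stop working.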