Cisco Support Community
Community Member

Xlate Timeouts

Hi All,

We have a wifi network for guests that we route to the internet through an old PIX515 firewall. We recently tuned the timers to lower values in order to "save" on resources and public address usage.

The timers we use are:

timeout xlate 0:30:00

timeout conn 0:30:00 half-closed 0:05:00 udp 0:02:00 icmp 0:00:02

While verifying the new timers, we noticed some xlate connections (TCP PAT) that are idle forever!!

Any ideas why?

sh xlate debug

TCP PAT from wifi_fw:10.110.20.7/49790 to OUTSIDE_TR:xx.282.45.202/65266 flags ri idle 29:33:54 timeout 0:00:30

In the connection table, I cannot find an idle connection for longer than 1h....
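
An added example, not part of the original post and not Cisco code: a Python script that parses output in the format of the `sh xlate debug` line above and lists PAT entries whose idle time exceeds the timeout printed on the same line. The sample lines, the documentation-range addresses and the `grace` parameter are constructed for illustration.

```python
import re

# Constructed sample in the format of the `sh xlate debug` line quoted in the post;
# global addresses are documentation-range placeholders, not values from the page.
SAMPLE = """\
TCP PAT from wifi_fw:10.110.20.7/49790 to OUTSIDE_TR:192.0.2.10/65266 flags ri idle 29:33:54 timeout 0:00:30
TCP PAT from wifi_fw:10.110.20.9/51022 to OUTSIDE_TR:192.0.2.10/1031 flags ri idle 0:00:12 timeout 0:00:30
UDP PAT from wifi_fw:10.110.20.15/5353 to OUTSIDE_TR:192.0.2.10/2044 flags ri idle 0:01:40 timeout 0:00:30
"""

XLATE_RE = re.compile(
    r"^(?P<proto>\S+) PAT from (?P<local>\S+) to (?P<global>\S+) "
    r"flags (?P<flags>\S+) idle (?P<idle>[\d:]+) timeout (?P<timeout>[\d:]+)\s*$"
)

def to_seconds(hms):
    """Convert h:mm:ss to seconds; the hours field may exceed 24 (e.g. 29:33:54)."""
    h, m, s = (int(part) for part in hms.split(":"))
    return h * 3600 + m * 60 + s

def stale_xlates(output, grace=0):
    """Return PAT entries idle for longer than their own timeout plus `grace` seconds."""
    stale = []
    for line in output.splitlines():
        match = XLATE_RE.match(line.strip())
        if not match:
            continue  # skip headers and any line in another format
        idle = to_seconds(match["idle"])
        timeout = to_seconds(match["timeout"])
        if idle > timeout + grace:
            stale.append({"proto": match["proto"], "local": match["local"],
                          "global": match["global"],
                          "idle_s": idle, "timeout_s": timeout})
    # Longest-idle entries first, so the worst offenders are at the top
    return sorted(stale, key=lambda e: e["idle_s"], reverse=True)

if __name__ == "__main__":
    for entry in stale_xlates(SAMPLE):
        print(f'{entry["proto"]} {entry["local"]} -> {entry["global"]} '
              f'idle {entry["idle_s"]}s, timeout {entry["timeout_s"]}s')
```

Running it against periodic captures of the real output shows whether the same local address and port keep reappearing as stale, which is useful detail to include alongside the software version when reporting the issue.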

1 REPLY
Cisco Employee

Xlate Timeouts

What version of software are you running? There might be a bug in that particular version.

Also, is that static or dynamic NAT?
