Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA Nat rule - Timeout

Hi,

We installed a cisco asa 5510 in front of our netwerk with a natrule point to the owa publishing rule of an MS Isa.

Since we placed the asa in front of our network, clients are complaining that the sessions are disconnected after 3 minutes.

Can this timeout finetuned on a cisco asa 5510

Best regards

Jorg

5 REPLIES
New Member

Re: Cisco ASA Nat rule - Timeout

Can you post the config?

Bronze

Re: Cisco ASA Nat rule - Timeout

Am I right to assume you've configured a dynamic NAT rule? If so, are you using only one IP in the pool? How many clients do you have? There is an xlate timeout that defaults to 3 hours, but perhaps it is different in your config. The line is 'xlate timeout xx:xx:xx' (hours,minutes,seconds). You might try increasing the value to see if it helps. Of course, I could be way off-base here, so take my advice with a grain of salt.

New Member

Re: Cisco ASA Nat rule - Timeout

Hi,

Sorry about my incomplete post.

I created a static nat entry.  Is the xlate time-out related to a static nat entry?  In my opinion,only to the dynamic pool as you suggested.

I was thinking more in the direction of tcp time-out, but can't imagine that this is related to this.

The server team told me that the isa time-out was configured to 30 min.

Best regards

Jorg

Bronze

Re: Cisco ASA Nat rule - Timeout

Thanks for the new info. In my previous comment I was looking at it from an outbound client perspective, thus my question about dynamic nat. In the case of the xlate timeout, it is used for both static and dynamic NAT. I doubt that's the issue here though.

There is a connection timeout setting on the ASA -- timeout conn 1:00:00 -- that defaults to one hour. A connection reset after only 3 minutes seems strange. If you wouldn't mind posting a sanitized config here maybe someone can shed some light on it.

New Member

Re: Cisco ASA Nat rule - Timeout

All,

Thanks for the assistance, issue is solved.  It was a timeout issue on the Mircrosoft ISA

Best Regards

Jorg

4120
Views
4
Helpful
5
Replies
CreatePlease login to create content