Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ip nat translation tcp-timeout

Hi!,

we have problems with Messenguer and NAT. I think that Messenguer uses a protocol not very robust base to a SSL (443) TCP session. The problem is

that out CISCO internet router is configuring with NAT with a tcp-timeout of

60 seconds because of serveral questions. So when a user is not

generating traffic the tcp NAT timeout removes the session. After that

user must reconnect Messenguer.

I think that with the following command perhaps could solve the problem:

"ip nat translation port-timeout tcp 443 never"

After some tests we have noticed that router always applied the timeout that

is configured in the command "ip nat translation tcp-timeout 60".

Is it a normal behaviour? is a bug? Any ideas how can i solve the problem?

CONFIGURATION

ip nat translation tcp-timeout 60

ip nat translation port-timeout tcp 443 never

ip nat pool POOL-PUBLICO X.X.X.X X.X.X.Y netmask 255.255.255.0

Thanks!

ip nat inside source list 1 pool POOL-PUBLICO overload

1 REPLY
Cisco Employee

Re: ip nat translation tcp-timeout

Try using only one command "ip nat translation port-timeout tcp 443 never" by removing the "ip nat translation tcp-timeout 60".

Or

you can use "ip nat translation tcp-timeout ..." with very high value of seconds. Max is 24 hours.

Also don't forget to use "clear ip nat translation * " everytime you change the nat config. For more information pl. visit following url

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipras_r/1rfipadr.htm#1019618

257
Views
0
Helpful
1
Replies