I need to change the xlate timeout to free up translation slots more quickly for NAT clients using a global pool. I was going to change the timeout to 30 minutes instead of the default 3 hours. Could this cause any obvious problems?
The one thing I would caution you on is if you have clients that use long-lived sessions through the PIX, such as telnet, you may want to make sure that those apps have keepalive turned on. Most newer telnet client programs have that option, so that those sessions would not get prematurely terminated.
What will happen with telnet keepalive is that the PIX will reset the xlate idle timer back to zero upon receiving the keepalive frame.
Similarly, if there are remote database connections, make sure the db systems and/or applications can use keepalive or some type of hello packets.
If you have a need to change other timeout parms, look at the Cisco PIX doc, because some parms cannot be lower than others, and the doc can tell you what the dependencies are.
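For the database and application side of the advice above, a client can set TCP keepalive per socket so that probes cross the firewall before the xlate idle timer expires. The following is an added example, not code from this thread; the function names, the 50% margin and the probe count are assumptions, and the per-socket timing options are the Linux ones.

```python
import socket

XLATE_TIMEOUT_S = 30 * 60        # proposed xlate timeout from the question
PIX_DEFAULT_XLATE_S = 3 * 3600   # default xlate timeout stated in the question
LINUX_DEFAULT_IDLE_S = 2 * 3600  # Linux default net.ipv4.tcp_keepalive_time


def survives(idle_timeout_s, keepalive_idle_s):
    """True if the first keepalive probe is sent before the idle timer expires."""
    return keepalive_idle_s < idle_timeout_s


def keepalive_plan(idle_timeout_s, probes=3, margin=0.5):
    """Pick (idle, interval, count) so every probe is sent inside the timeout.

    The first probe goes out after margin * timeout of silence; the remaining
    time is divided so that all retries also fall before the timer expires.
    """
    idle = int(idle_timeout_s * margin)
    if idle < 1:
        raise ValueError("idle timeout too short for keepalive")
    interval = max(1, (idle_timeout_s - idle) // (probes + 1))
    return idle, interval, probes


def enable_keepalive(sock, idle_timeout_s=XLATE_TIMEOUT_S):
    """Turn on TCP keepalive for one socket, tuned below the firewall timeout."""
    idle, interval, count = keepalive_plan(idle_timeout_s)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Per-socket timing knobs; without them the OS-wide default idle time applies.
    if hasattr(socket, "TCP_KEEPIDLE"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, count)
    return idle, interval, count


if __name__ == "__main__":
    # The OS default idle time fits inside a 3 hour xlate timeout but not 30 minutes.
    print("default vs 3h :", survives(PIX_DEFAULT_XLATE_S, LINUX_DEFAULT_IDLE_S))
    print("default vs 30m:", survives(XLATE_TIMEOUT_S, LINUX_DEFAULT_IDLE_S))
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print("applied (idle, interval, count):", enable_keepalive(s))
    s.close()
```

Simply switching keepalive on is not enough once the timeout drops to 30 minutes: the Linux default idle time of 2 hours was shorter than the 3 hour default xlate timeout but is longer than the new one.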