Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

xlate timeout

I need to change the xlate timeout to free up translation slots more quickly for NAT clients using a global pool. Was going to change the timeout to 30mins instead of default 3 hours. Could this cause any obvious problems?


Re: xlate timeout

The one thing I would caution you on is if you have clients that use long-lived sessions thru the pix, such as telnet, you may want to make sure that those apps have keepalive turned on. Most newer telnet client programs have that option, so that those sessions would not get prematurly terminated.

What will happen with telnet keepalive is that the pix will reset the xlate idle timer back to zero upon receiving the keepalive frame.

Similarly if there are remote database connections make sure the db systems and or applications can use keepalive or some type of hello packets.

If you have a need to change other timeout parms, look at the cisco pix doc, beacuse some parms cannot be lower than others, and the doc can tell you what the dependancies are.