
New Member

A question on NAT timeout options

Hi,

How does the routemap-entry-timeout option of the ip nat translation command work?

Can it be used with ESP translations?

show ip nat translations verbose shows,

Pro Inside global      Inside local       Outside local      Outside global
--------------------------------------------------
esp 185.0.1.5:0        10.1.1.2:12C       197.20.20.1:0      197.20.20.1:0
create 00:00:05, use 00:00:01 timeout:300000, left 00:04:58, Map-Id(In): 1,
flags:
extended, use_count: 0, entry-id: 14, lc_entries: 0, Entry type : 0

From the above output it appears that by default it is 5 minutes (for ESP).

Could these timeout values be adjusted manually?

Thanks.

2 REPLIES
New Member

Re: A question on NAT timeout options

So here are the translations related to two unidirectional (inbound/outbound) IPSec tunnels.

Pro Inside global      Inside local       Outside local      Outside global
---------------------------------------------------------------
esp 185.0.1.5:0        10.1.1.2:0         197.20.20.1:0      197.20.20.1:12D
create 00:47:48, use 00:20:20 timeout:0, timing-out,
flags:
extended, esp-notimeout, use_count: 1, entry-id: 49, lc_entries: 0

esp 185.0.1.5:0        10.1.1.2:12C       197.20.20.1:0      197.20.20.1:0
create 00:48:26, use 00:02:35 timeout:300000, left 00:02:24, Map-Id(In): 2,
flags:
extended, use_count: 0, entry-id: 48, lc_entries: 0

I'm using ip nat translation routemap-entry-timeout never with dynamic NAT and a route-map.

timeout:0 corresponds to the never option used in translation. However, this applies only to a route-map-created half entry.

The timeout value of the inbound tunnel is unchanged at 5 minutes (= 300000 ms).

So, for ESP traffic, changing the NAT translation timeout has no considerable effect, and this seems to be dominated by the inbound translation timeout, which is 5 minutes.
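
Added example (not part of the original posts and not Cisco code): the Python below parses `show ip nat translations verbose` output of the shape quoted in the reply above and lists entries whose timeout is 0, which the reply reads as "never". The field layout is assumed from the two entries shown, and `SAMPLE` is constructed from them.

```python
import re

# Constructed sample: the two ESP entries quoted in the reply, blank lines removed.
SAMPLE = """\
esp 185.0.1.5:0 10.1.1.2:0 197.20.20.1:0 197.20.20.1:12D
create 00:47:48, use 00:20:20 timeout:0, timing-out,
flags:
extended, esp-notimeout, use_count: 1, entry-id: 49, lc_entries: 0
esp 185.0.1.5:0 10.1.1.2:12C 197.20.20.1:0 197.20.20.1:0
create 00:48:26, use 00:02:35 timeout:300000, left 00:02:24, Map-Id(In): 2,
flags:
extended, use_count: 0, entry-id: 48, lc_entries: 0
"""

# Assumption: an entry starts with a protocol token followed by four addresses.
ENTRY = re.compile(r"^(esp|tcp|udp|icmp|---)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def hms_to_seconds(text):
    h, m, s = (int(p) for p in text.split(":"))
    return h * 3600 + m * 60 + s

def parse_verbose(output):
    """Return one dict per translation entry found in the verbose output."""
    entries, cur = [], None
    for line in map(str.strip, output.splitlines()):
        m = ENTRY.match(line)
        if m:
            cur = {"proto": m[1], "inside_global": m[2], "inside_local": m[3],
                   "outside_local": m[4], "outside_global": m[5],
                   "timeout_ms": None, "left_s": None, "flags": []}
            entries.append(cur)
        elif cur is None:
            continue  # header or separator before the first entry
        elif line.startswith("create"):
            t = re.search(r"timeout:(\d+)", line)
            left = re.search(r"left (\d+:\d+:\d+)", line)
            cur["timeout_ms"] = int(t[1]) if t else None
            cur["left_s"] = hms_to_seconds(left[1]) if left else None
        elif "entry-id" in line:
            # Bare words are flags; "key: value" items are counters.
            cur["flags"] = [f.strip() for f in line.split(",") if ":" not in f]
            cur["entry_id"] = int(re.search(r"entry-id: (\d+)", line)[1])
    return entries

def non_expiring(entries):
    """Entries with timeout 0, read in the reply as the 'never' option."""
    return [e for e in entries if e["timeout_ms"] == 0]
```
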

New Member

Re: A question on NAT timeout options

show ip nat translations verbose
