
SSH sessions over NAT will timeout and disconnect, why?

Tristan G
Level 1

Hi,

I've got a 2851 running 12.4(11)XW5 where I run CallManager Express, some IP accounting and NAT.

Unfortunately, while it all works painlessly, SSH sessions will time out after idle inactivity going out of the NAT interface to the outside world. The reverse is also true: SSH sessions to a server behind the NAT interface via a NAT static translation rule will also suffer the same timeout.

NAT sessions internally are fine, as are sessions externally via my IPv6 tunnel. These servers are fine as my sessions stay active for days from other systems.

I've tried:

ip nat translation timeout never

ip nat translation tcp-timeout never

but with no success.

sh ip nat stat:

Total active translations: 120 (1 static, 119 dynamic; 120 extended)
Outside interfaces:
  GigabitEthernet0/0
Inside interfaces:
  GigabitEthernet1/0.1, GigabitEthernet1/0.120, Loopback0
Hits: 192029370 Misses: 4998710
CEF Translated packets: 179702310, CEF Punted packets: 35974282
Expired translations: 6830497
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 102 interface GigabitEthernet0/0 refcount 31
Queued Packets: 0

Any suggestions?

1 Reply

apach
Level 1

After ip nat translation timeout never and ip nat translation tcp-timeout never, you need to clear the old translations: clear ip nat translation tcp and udp; all new ones accept the new time-out rule.
