[c-nsp] NAT timeout

Alex Wa awain567 at yahoo.com
Thu Oct 2 17:26:04 EDT 2008


Hi guys,
 
We have a router configured to work with 2 ISPs, one of them through a satellite link. This particular link is being monitored with ip sla and track commands. When this link fails, the default route is deleted automatically from the routing table, and the backup default route is then installed. We also use automatic NAT failover. The problem is that some inside servers that always go to the same destination IP/port get NATed at the moment the backup link is up, and when the primary comes up they go to the internet with the source address equal to the backup outside interface. This NAT "lease" stays for days because these particular servers are doing ICMP every 10 seconds. That causes asymmetric routing, packets going out through one link and returning through the other. When we flush NAT translations everything returns to normal, of course, but we don't want to have to do it manually. The question is: do we need to reduce the NAT ICMP timeout to less than 10 seconds, or is there another solution? I can provide the config if you guys need it.
 
regards,
Alejandro wainshtok
 
 
 


      

