[c-nsp] ASR9k for large scale NAT?
Nikolay Shopik
shopik at inblock.ru
Tue Mar 6 09:14:16 EST 2012
On 06/03/12 17:51, Chuck Church wrote:
> I'm curious what the default NAT timeouts for IOS-XE are. A lot of the
> normal IOS ones are 24 hours, which is WAY too long for dynamic large scale
> use. An hour is much more reasonable.
As soon IOS NAT sees close/fin or fin/ack bits, it set session to 5
minutes to expire. So only not proper closed session become there for 24
hours iirc.
More information about the cisco-nsp
mailing list