[nsp] PIX xlate timeouts

Matt Stevens matt at scoe.org
Tue Mar 11 14:37:40 EST 2003


What timeout settings are others using on their PIX? We're running into
issues where we're using up all the addresses in our pool (we have about a
/20 worth of addresses in the pool) because xlate slots aren't timing out
until evening hours when load drops.

Here's what we're using currently:
xlate 1:00:00
conn 0:45:00
half-closed 0:10:00
udp 0:02:00
rpc 0:10:00
h323 0:00:00
sip 0:30:00
sip_media 0:02:00

This is with PIX 6.2 - in the past we've had problems where certain
combinations of timeout values cause the PIX to not flush xlate slots at
all, resulting in a constant depletion of addresses in the pool. I've never
been able to nail down an exact explanation of how the different values
interact, which makes it hard to properly tweak them.

Anyone?
--
matt


