[c-nsp] Timeout value on ASA
Peter Rathlev
peter at rathlev.dk
Wed May 9 14:24:24 EDT 2012
On Wed, 2012-05-09 at 18:09 +0000, Judith Sanders wrote:
> Here is an output from my ASA- this is part of my tunnel that the
> applications timeout thru...
...
> NAT from inside:172.16.1.201 to outside:64.250.19x.xx
> flags s idle 4:23:07 timeout 0:00:00
This would be from "show xlate" and describing a "static" NAT. If you
suspect the ASA tears down connections you need to look at e.g. "show
conn address 192.0.2.1" instead.
Looking at log files might prove easier, since "show conn" of course
doesn't mention connections that have already been torn down.
I wasn't aware exactly how "timeout xlate" worked, but from what David
describes there's no need to adjust it. At the time it becomes relevant
the ASA has already torn down the connection.
--
Peter
More information about the cisco-nsp
mailing list