NAT TCP Timeout default values. WHY ?

Discussion in 'Cisco' started by JCVD, Feb 19, 2004.

  1. JCVD

    JCVD Guest

    Can someone please quickly explain to me why the TCP timeout for NAT
    translations is 24 hours ?

    And if possible explain why the other NAT timeout values have been

    This seems to be an industry standard with routers AND firewalls.

    Can someone also answer that when a TCP RST or FIN flag is seen in a
    packet does this NAT translation automatically get placed in the
    "available" queue ?


    JCVD, Feb 19, 2004
    1. Advertisements

  2. TCP doesn't talk when it doesn't need to. You can have an established
    TCP connection and no traffic for extended periods, so you don't want to
    be too quick to break it by removing a NAT translation entry for lack of
    activity, hence 24 hours.

    From the usage guidelines for the "ip nat translation timeout .." command:

    "TCP translations time out in 24 hours, unless an RST or FIN bit is seen
    on the stream, in which case they will time out in 1 minute."
    Martin Gallagher, Feb 19, 2004
    1. Advertisements

  3. JCVD

    Hansang Bae Guest

    RST I can understand. But FIN is a two way conversation process. I can
    send a FIN and the other side isn't obligated to send one w/in a minute.



    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    Hansang Bae, Feb 19, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.