Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 23 Configuring Network Address Translation
NAT Policies on Cisco IOS Routers
NAT Page: Timeouts
Use the NAT Timeouts tab of the router’s NAT page to manage the timeout values for port address
(overload) translations. These timeouts cause a dynamic translation to expire after a specified period of
inactivity. In addition, you can use options on this page to place a limit on the number of entries allowed
in the dynamic NAT table, and to modify the default timeout on all dynamic translations that do not
include PAT processing.
About Dynamic NAT Timeouts
Dynamic NAT translations have a timeout period for non-use, after which they expire and are purged
from the translation table. If you enable the Overload feature for performing PAT, you can specify a
variety of values that provide finer control over these timeouts, because each translation entry contains
additional contextual information about the traffic using it.
For example, non-DNS translations time out by default after five minutes, but DNS translations time out
after one minute. Further, TCP translations time out after 24 hours, unless an RST or FIN is seen on the
stream, in which case they time out after one minute. You can change any of these timeout values.
Note: If you disable the Port Translation (Overload) feature for all dynamic rules, you need not enter any
PAT-related timeout values. However, you can still modify the default timeout value for non-PAT
dynamic translations. (By default, all dynamic translations expire after 24 hours.) For more information
about the Overload feature, see NAT Dynamic Rule Dialog Box, page 23-11.
Navigation Path
(Device view) Select NAT from the Policy selector, then click the Timeouts tab.
(Policy view) Select NAT (Router) > Translation Rules from the Policy Type selector. Select an
existing policy or create a new one, and then click the Timeouts tab.
Related Topics
NAT Page: Interface Specification, page 23-6
NAT Page: Static Rules, page 23-6
NAT Page: Dynamic Rules, page 23-10
Field Reference
Table 23-4 NAT Timeouts Tab

Element          Description
Max Entries      The maximum number of entries allowed in the dynamic NAT table. You can enter a value between 1 and 2147483647, or you can leave the field blank (the default), which means that the number of entries in the table is unlimited.
Timeout (sec.)   The number of seconds after which dynamic translations expire; this does not apply to PAT (overload) translations. The default is 86400 seconds (24 hours).
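
The following is an added example, not part of the Cisco guide: a Python check that reads the NAT timeout lines from a router configuration, resolves each setting to its configured value or to the default stated above, and flags an unbounded translation table or translations that never expire. The IOS "ip nat translation" keywords are an assumption of this example (the page shows only the Security Manager fields), and the sample configuration is constructed.

```python
import re

# Defaults in seconds as stated in this guide; None means "no limit".
# Keys are IOS "ip nat translation" keywords (not shown on this page).
DEFAULTS = {
    "timeout": 86400,       # non-PAT dynamic translations (24 hours)
    "udp-timeout": 300,     # the guide's five-minute "non-DNS" default
    "dns-timeout": 60,      # DNS translations
    "tcp-timeout": 86400,   # TCP translations
    "finrst-timeout": 60,   # TCP after an RST or FIN is seen
    "max-entries": None,    # blank field: table size is unlimited
}

LINE = re.compile(r"^\s*ip nat translation (\S+) (\d+|never)\s*$")


def effective_nat_settings(config_text):
    """Return each setting's effective value: configured, else default."""
    settings = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) in DEFAULTS:
            value = m.group(2)
            settings[m.group(1)] = None if value == "never" else int(value)
    return settings


def audit(config_text, max_idle=86400):
    """List settings that leave the table unbounded or entries too long-lived."""
    settings = effective_nat_settings(config_text)
    findings = []
    if settings["max-entries"] is None:
        findings.append("max-entries: dynamic NAT table size is unlimited")
    for key, value in settings.items():
        if key == "max-entries":
            continue
        if value is None:
            findings.append(f"{key}: translations never expire")
        elif value > max_idle:
            findings.append(f"{key}: {value}s exceeds {max_idle}s")
    return findings


# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = """\
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip nat translation timeout 3600
ip nat translation tcp-timeout never
ip nat translation dns-timeout 30
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The max_idle threshold is a local policy choice of this example, set here to the 24-hour default so that only values above it are reported.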