Filter
Top Products
Advanced Configuration and Management Guide
• Dynamic timeout – This age timer applies to all entries (static and dynamic) that do not use Port Address
Translation. The default is 120 seconds.
• UDP timeout – This age timer applies to entries that use Port Address Translation based on UDP port
numbers. The default is 120 seconds.
• TCP timeout – This age timer applies to entries that use Port Address Translation based on TCP port
numbers. The default is 120 seconds.
NOTE: This timer applies only to TCP sessions that do not end “gracefully”, with a TCP FIN or TCP RST.
• TCP FIN/RST timeout – This age timer applies to TCP FIN (finish) and RST (reset) packets, which normally
terminate TCP connections. The default is 120 seconds.
NOTE: This timer is not related to the TCP timeout. The TCP timeout applies to packets to or from a host
address that is mapped to an global IP address and a TCP port number (Port Address Translation feature).
The TCP FIN/RST timeout applies to packets that terminate a TCP session, regardless of the host address or
whether Port Address Translation is used.
• DNS timeout – This age timer applies to connections to a Domain Name Server (DNS). The default is 120
seconds.
To change the timeout for a dynamic entry type, use the following CLI method.
USING THE CLI
To change the age timeout for all entries that do not use Port Address Translation to 1800 seconds (one half hour),
enter a command such as the following at the global CONFIG level of the CLI:
HP 9304M or HP 9308M(config)# ip nat timeout 1800
Syntax: [no] ip nat translation timeout | udp-timeout | tcp-timeout | finrst-timeout | dns-timeout <secs>
Use one of the following parameters to specify the dynamic entry type:
• timeout – All entries that do not use Port Address Translation. The default is 120 seconds.
• udp-timeout – Dynamic entries that use Port Address Translation based on UDP port numbers. The default
is 120 seconds.
• tcp-timeout – Dynamic entries that use Port Address Translation based on TCP port numbers. The default is
120 seconds.
• finrst-timeout – TCP FIN (finish) and RST (reset) packets, which normally terminate TCP connections. The
default is 120 seconds.
• dns-timeout – Connections to a Domain Name Server (DNS). The default is 120 seconds.
The <secs> parameter specifies the number of seconds. For each entry type, you can enter a value from 1 –
3600.
Displaying the Active NAT Translations
To display the currently active NAT translations, display the NAT translation table using the following CLI method.
NOTE: For information about the aging timer for NAT translation entries, see “Changing Translation Table
Timeouts” on page 11-7.
USING THE CLI
To display the currently active NAT translations, enter the following command at any level of the CLI:
HP9300(config)# show ip nat translation
Pro Inside global Inside local Outside local Outside global
--- 209.157.1.69 10.10.10.69 207.195.2.12 207.195.2.12
11 - 8