Advanced Configuration and Management Guide

Dynamic timeout – This age timer applies to all entries (static and dynamic) that do not use Port Address Translation. The default is 120 seconds.

UDP timeout – This age timer applies to entries that use Port Address Translation based on UDP port numbers. The default is 120 seconds.

TCP timeout – This age timer applies to entries that use Port Address Translation based on TCP port numbers. The default is 120 seconds.

NOTE: This timer applies only to TCP sessions that do not end “gracefully”, with a TCP FIN or TCP RST.

TCP FIN/RST timeout – This age timer applies to TCP FIN (finish) and RST (reset) packets, which normally terminate TCP connections. The default is 120 seconds.

NOTE: This timer is not related to the TCP timeout. The TCP timeout applies to packets to or from a host address that is mapped to an global IP address and a TCP port number (Port Address Translation feature). The TCP FIN/RST timeout applies to packets that terminate a TCP session, regardless of the host address or whether Port Address Translation is used.

DNS timeout – This age timer applies to connections to a Domain Name Server (DNS). The default is 120 seconds.

To change the timeout for a dynamic entry type, use the following CLI method.

USING THE CLI

To change the age timeout for all entries that do not use Port Address Translation to 1800 seconds (one half hour), enter a command such as the following at the global CONFIG level of the CLI:

HP 9304M or HP 9308M(config)# ip nat timeout 1800

Syntax: [no] ip nat translation timeout udp-timeout tcp-timeout finrst-timeout dns-timeout <secs>

Use one of the following parameters to specify the dynamic entry type:

timeout – All entries that do not use Port Address Translation. The default is 120 seconds.

udp-timeout– Dynamic entries that use Port Address Translation based on UDP port numbers. The default is 120 seconds.

tcp-timeout– Dynamic entries that use Port Address Translation based on TCP port numbers. The default is 120 seconds.

finrst-timeout– TCP FIN (finish) and RST (reset) packets, which normally terminate TCP connections. The default is 120 seconds.

dns-timeout– Connections to a Domain Name Server (DNS). The default is 120 seconds.

The <secs> parameter specifies the number of seconds. For each entry type, you can enter a value from 1 – 3600.

Displaying the Active NAT Translations

To display the currently active NAT translations, display the NAT translation table using the following CLI method.

NOTE: For information about the aging timer for NAT translation entries, see “Changing Translation Table Timeouts” on page 11-7.

USING THE CLI

To display the currently active NAT translations, enter the following command at any level of the CLI:

HP9300(config)# show ip nat translation

 

 

Pro

Inside global

Inside local

Outside local

Outside global

---

209.157.1.69

10.10.10.69

207.195.2.12

207.195.2.12

11 - 8