From: ccie2002@tampabay.rr.com
Date: Fri Aug 22 2003 - 14:25:22 GMT-3
Yes, a PIX will close an inactive xlate. By default I think this is at 3 hrs. But more than likely it is the connection timeout that is doing this. It is by default 1 hr and 30 minutes for half closed sessions. I would not change this because an app doesn't work. I would ask the app folks if they could configure it to send a periodic keepalive.
Other ramifications could leave you susceptible to an attack on open sessions.
----- Original Message -----
From: Anthony Pace <anthonypace@fastmail.fm>
Date: Friday, August 22, 2003 12:55 pm
Subject: Off Topic: Problems with PIX closing socket on a static NAT
> Has anyone had problems with the PIX closing a tcp socket on a static nat
> due to inactivity/timeout? I am dealing with an application which may
> legitimately leave the socket open for hours, and if it hides behind the
> PIX, there are problems with the first connection when the session has
> been idle for several hours.
>
> I am thinking about increasing the global timeout for NAT, but I don't
> know if it will have other ramifications.
>
>
> Tony Pace CCIE #10349
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:05 GMT-3
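The periodic keepalive suggested in the reply can be done at the TCP layer without raising the firewall's timers. The sketch below is an added example, not code from the thread: it assumes TCP-level keepalive is acceptable to the application, the one-hour idle timeout is a constructed sample value, and the function names are hypothetical.

```python
import socket

# Assumption: the firewall's idle timeout for an established connection, in
# seconds. Constructed sample value; read the real one from the device config.
FIREWALL_IDLE_TIMEOUT = 3600

# Linux rejects keepalive idle times above this many seconds.
MAX_KEEPIDLE = 32767


def keepalive_plan(idle_timeout, probes=3, margin=0.5):
    """Derive timers so the first probe and all retries are sent well before
    the firewall would age out the idle connection."""
    if idle_timeout < 10:
        raise ValueError("idle timeout too short for TCP keepalive")
    budget = int(idle_timeout * margin)            # only use part of the window
    interval = max(1, min(75, budget // (2 * probes)))
    idle = min(budget - interval * probes, MAX_KEEPIDLE)
    return {"idle": idle, "interval": interval, "probes": probes}


def enable_keepalive(sock, plan):
    """Turn on keepalive for one socket and apply the per-socket timers.
    Returns True when SO_KEEPALIVE reads back as enabled."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Option names as exposed on Linux; platforms lacking one are skipped and
    # fall back to the system-wide default for that timer.
    for name, key in (("TCP_KEEPIDLE", "idle"),
                      ("TCP_KEEPINTVL", "interval"),
                      ("TCP_KEEPCNT", "probes")):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


if __name__ == "__main__":
    plan = keepalive_plan(FIREWALL_IDLE_TIMEOUT)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print(plan, "enabled:", enable_keepalive(s, plan))
```

With these timers a silent connection is probed after about 26 minutes, and a dead peer is detected within 30, so long-lived idle sessions stay in the firewall's tables only while both ends are still alive.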