No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

NAT Session aging time configured on AR1220 is not effective

Publication Date:  2012-09-25  |   Views:  5  |   Downloads:  0  |   Author:  c00222574  |   Document ID:  EKB1000016047

Contents

Issue Description

UDP session aging time is 60 seconds(V2R2 is default by 120 seconds), use follow command to configure NAT session.
firewall-nat session udp aging-time 60
Look up the aging time configuration, confirm the configuration is successful.
<TCAR1220AH_VRUC>dis firewall-nat session aging-time
---------------------------------------------
  tcp protocol timeout         : 600   (s)
  tcp-proxy timeout            : 10    (s)
  udp protocol timeout         : 60    (s)
  icmp protocol timeout        : 20    (s)
  dns protocol timeout         : 120   (s)
  http protocol timeout        : 120   (s)
  ftp protocol timeout         : 120   (s)
  ftp-data protocol timeout    : 120   (s)
  rtsp protocol timeout        : 60    (s)
  rtsp-media protocol timeout  : 120   (s)
  sip protocol timeout         : 1800  (s)
  sip-media protocol timeout   : 120   (s)

Alarm Information

Check UDP session after the dial line broken, it finds the session exists and aging time is not effective after 1minutes.

Handling Process

After the analysis, it needs to clear original flow table after AR realized the aging time, it will effective.

1. Configure firewall-nat session udp aging-time 60
2. Cut the flow
3. Reset nat session all

New aging time will be effective when creating new table after above process.

Root Cause

It can view the UDP aging time configured as 60 seconds by display firewall-nat session aging-time, confirm that configuration is effective, it needs other operation to touch off the aging time be effective.

Suggestions

NULL