Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NAT pools and Timeouts in terminal sessions? - Stump

Status
Not open for further replies.
rubbaninja

rubbaninja

MIS
Jun 1, 2002
217
US
Our business partner is claiming that our users connected to their terminal servers are being disconnected "sometimes" from the servers because of a problem with the NAT pool on our PIX firewall.

It's not even all the time that they are getting kicked out of terminal session. The only time they do is when they run some application and a query in that application within the term session.
Not on all queries within the application, only with large queries.

I cannot see how it is possible that a translation can cause issues with terminal server connections. More so that it's only when running this application thats local to the terminal server.

Any thoughts?
 
Sort by date Sort by votes
Few more items I should note.

I don't see an issue with the pool. We have many applications going through this PIX. Websense, other term sessions, some reporting voip, web based db's, etc. and no issues there. Only with this particular application/sessions.
 
Upvote 0 Downvote
hi also If you are in situation of using vpn you may have some issue due to the link mtu.
working with this aspect could stop the problem. you can also work with the sysopt tcpmss instruction to tune the vpn.
this already give us some results.

regards,
fred
 
Upvote 0 Downvote
Are you using the sysopt connection permit- statement? Or any of these:
Code: 
timeout xlate 2:00:00
timeout conn 2:00:00 half-closed 0:10:00 udp 0:02:00 rpc 2:00:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
Just type show timeout to confirm your timeout values

A firm beleiver of "Keep it Simple" philosophy
Cheers
/T
 
Upvote 0 Downvote
Thanks for the replies. I checked timeouts on first call and all looked good.


timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:30:00 udp 0:15:00 rpc 0:15:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute uauth 0:01:00 inactivity
floodguard enable


see post: failover issue

Still not sure what's up.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
936
intel233
intel233
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
724
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
566
Nitta84
Nitta84
steve777777
  • Locked
  • Question
Cisco ASA VPN+NAT
Replies
0
Views
184
steve777777
steve777777

Part and Inventory Search

Sponsor

Back
Top