Use this command to configure an IPv4 NAT translation protocol rule.
protocol | Specifies the protocol the rule will be applied to. |
timeout seconds | Specifies the timeout in seconds to be associated with the specified protocol. |
one-shot | (Optional) Specifies that the one-shot feature is associated with this protocol. The one-shot feature is not configurable for the TCP protocol. |
If a port is not specified for UDP or TCP, the rule applies to all ports. If one-shot is not specified, the one-shot feature is not associated with the rule. Translation timers for protocols with no rule applied default to 240 seconds.
Configuration command, Global configuration.
Protocol rules are used to assign an idle timeout based on IP protocol and port number for UDP, TCP, and ICMP.
The “no” form of the command deletes the rule and resets the timeout for the specified protocol to the default value of 240 seconds.
One-shot is a feature specific to bindings for protocols such as ICMP or UDP (DNS), which are generally both bi-directional and only send one packet in each direction. One-shot provides the benefit of quickly cleaning up such bindings given their temporary nature. The one-shot binding will behave as follows: when a processed packet results in a binding being created and a packet is sent on to its destination, the binding is deleted after approximately 1 second from the time the packet is sent back to the peer. One-shot behavior only applies to overloaded dynamic bindings.
This example sets the timeout value applied to ICMP flows to 300 and enables the one-shot feature for the ICMP protocol:
System(rw-config)->ip nat translation protocol icmp timeout 300 one-shot
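The timer behavior described above, modeled in Python as an added illustration; this is not the device's own code. The names `Rule`, `match_rule` and `binding_deleted_at`, the packet times, and the precedence of a port-specific rule over an all-ports rule are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_TIMEOUT = 240  # seconds; default for protocols with no rule (from the page)
ONE_SHOT_DELAY = 1     # "approximately 1 second" after the reply goes back to the peer

@dataclass(frozen=True)
class Rule:
    protocol: str                # "icmp", "udp" or "tcp"
    timeout: int                 # idle timeout in seconds
    port: Optional[int] = None   # None means the rule applies to all ports
    one_shot: bool = False

    def __post_init__(self):
        # The page states one-shot is not configurable for TCP.
        if self.protocol == "tcp" and self.one_shot:
            raise ValueError("one-shot is not configurable for TCP")

def match_rule(rules, protocol, port=None):
    """Return the rule for this flow, or None if the default applies."""
    hits = [r for r in rules if r.protocol == protocol and r.port in (None, port)]
    # Model assumption: a port-specific rule wins over an all-ports rule.
    hits.sort(key=lambda r: r.port is None)
    return hits[0] if hits else None

def binding_deleted_at(rules, protocol, events, port=None, overloaded_dynamic=True):
    """events: (time_s, direction) pairs, direction "out" (to the destination)
    or "back" (reply to the peer). Returns the time the binding is removed."""
    rule = match_rule(rules, protocol, port)
    timeout = rule.timeout if rule else DEFAULT_TIMEOUT
    # One-shot only applies to overloaded dynamic bindings.
    one_shot = bool(rule and rule.one_shot and overloaded_dynamic)
    deleted_at = None
    for t, direction in sorted(events):
        if deleted_at is not None and t >= deleted_at:
            break  # binding already aged out; later packets need a new binding
        if one_shot and direction == "back":
            return t + ONE_SHOT_DELAY
        deleted_at = t + timeout  # every packet restarts the idle timer
    return deleted_at

if __name__ == "__main__":
    # Constructed sample: the ICMP rule from the example, plus a hypothetical DNS rule.
    rules = [Rule("icmp", 300, one_shot=True), Rule("udp", 30, port=53, one_shot=True)]
    ping = [(0, "out"), (0.5, "back")]
    print("icmp, reply seen:", binding_deleted_at(rules, "icmp", ping))
    print("icmp, no reply:  ", binding_deleted_at(rules, "icmp", [(0, "out")]))
    print("udp/123, no rule:", binding_deleted_at(rules, "udp", ping, port=123))
```

An unanswered request still holds its binding for the full configured timeout, which is the case to size the translation table for.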