Technology Tips and News
Is it possible to change the NAT mapping UDP Connection Timeout in TMG2010?
Also, is it possible to configure "Consistent NAT", such that TMG2010 will always use the same source port in the NAT translation for a specified IP address and source port that requires NATing?
Hi,
According to the RFC, you can change the NAT UDP mapping timeout from a default value of five minutes. It seems that you need to configure that on your NAT device.
In addition, TMG maintains a pool of source ports to use for outgoing NAT connections. Each time an outgoing NAT connection is made through a TMG server, TMG has to determine the outgoing source port that will be used for the NAT connection. When a connection is closed, the outgoing source port is freed back to the pool and is immediately available for a later outgoing connection. In these scenario, it is supported to allow multiple simultaneous sessions by changing the source ports. If TMG uses the same source port for an outgoing connection to the external server after the previous connection is closed, the connection may fail. It seems that it is impossible to do that in TMG.
Best regards,
Susie
Hi,
According to the RFC, you can change the NAT UDP mapping timeout from a default value of five minutes. It seems that you need to configure that on your NAT device.
In addition, TMG maintains a pool of source ports to use for outgoing NAT connections. Each time an outgoing NAT connection is made through a TMG server, TMG has to determine the outgoing source port that will be used for the NAT connection. When a connection is closed, the outgoing source port is freed back to the pool and is immediately available for a later outgoing connection. In these scenario, it is supported to allow multiple simultaneous sessions by changing the source ports. If TMG uses the same source port for an outgoing connection to the external server after the previous connection is closed, the connection may fail. It seems that it is impossible to do that in TMG.
Best regards,
Susie
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier