Symptom
When NAT sampling timeout and TCP timeout are both configured, the TCP timeout is ignored. After the sampling timeout expires, the general NAT translation timeout counts down, and the entry is aged out without the TCP timeout ever triggering.
TCP/UDP timeouts are not honored when set to default values.
# show run all
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 3600
If you reconfigure the TCP/UDP timeouts to a value other than the default (3600 s), the problem is not seen and the configured timeouts are honored.
# show run all
ip nat translation tcp-timeout 3000
ip nat translation udp-timeout 2500
Conditions
This issue affects TCP dynamic NAT translations on Nexus 3548 and 3524 switches running 9.3(6) or earlier code.
Workaround
- Configure the TCP/UDP timeouts to a value other than the default. After that, the configured values should be honored.
- Configure a higher sampling-timeout value to make up for the missing TCP timeout value.
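
An added example (not Cisco's code and not part of the original note): a Python audit that parses saved `show run all` output and lists the devices whose TCP/UDP NAT timeouts are still at the default 3600, the condition described above. The hostnames, function names, sample configs and the `sampling-timeout` line form are assumptions; it does not check platform or software version, so feed it only configs from the affected switches.

```python
import re

DEFAULT_TIMEOUT = 3600  # default tcp/udp timeout shown in the page's "show run all" output

# Matches e.g. "ip nat translation tcp-timeout 3600". The sampling-timeout
# line form is an assumption; the page names that setting but does not show it.
_TIMEOUT_LINE = re.compile(r"^\s*ip nat translation (tcp|udp|sampling)-timeout (\d+)\s*$")


def audit_nat_timeouts(show_run_all):
    """Parse NAT timeouts from 'show run all' text and flag tcp/udp left at the default."""
    timeouts = {}
    for line in show_run_all.splitlines():
        match = _TIMEOUT_LINE.match(line)
        if match:
            timeouts[match.group(1)] = int(match.group(2))
    at_default = [p for p in ("tcp", "udp") if timeouts.get(p) == DEFAULT_TIMEOUT]
    return {
        "timeouts": timeouts,
        "at_default": at_default,
        "sampling_configured": "sampling" in timeouts,
        "needs_workaround": bool(at_default),
    }


def audit_fleet(configs):
    """Map hostname -> protocols at default, for hosts that need the workaround."""
    results = {host: audit_nat_timeouts(text) for host, text in configs.items()}
    return {host: r["at_default"] for host, r in results.items() if r["needs_workaround"]}


# Constructed sample inputs (hostnames and the sampling-timeout value are made up).
SAMPLE_CONFIGS = {
    "n3548-a": "ip nat translation tcp-timeout 3600\n"
               "ip nat translation udp-timeout 3600\n"
               "ip nat translation sampling-timeout 120\n",
    "n3548-b": "ip nat translation tcp-timeout 3000\n"
               "ip nat translation udp-timeout 2500\n",
    "n3524-c": "ip nat translation tcp-timeout 3600\n"
               "ip nat translation udp-timeout 2500\n",
}

if __name__ == "__main__":
    for host, protocols in audit_fleet(SAMPLE_CONFIGS).items():
        print(f"{host}: timeouts at default for {', '.join(protocols)}")
```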