Skip to main content
Cisco SD-WAN
Product Documentation
Viptela Documentation


vpn interface nat tcp-timeout—Configure when NAT translations over a TCP session time out (on vEdge routers only).

vManage Feature Template

For vEdge routers only:

Configuration ► Templates ► VPN Interface Cellular (for vEdge cellular wireless routers only)
Configuration ► Templates ► VPN Interface Ethernet
Configuration ► Templates ► VPN Interface NAT Pool
Configuration ► Templates ► VPN Interface PPP

Command Hierarchy

vpn vpn-id
  interface interface-name
     tcp-timeout minutes


Time after which NAT translations over TCP sessions time out.
Range: 1 through 65536 minutes
Default: 60 minutes (1 hour)

Additional Information

You can modify only the TCP and UDP session timeout values. The following NAT session timers are fixed, and you cannot modify them:

  • TCP session timeout if no SYN-ACK response is received—5 seconds
  • TCP session timeout if three-way handshaking is not established—10 seconds
  • TCP session timeout after receiving a FIN/RST packet—30 seconds
  • ICMP imeout—6 seconds
  • Other IP timeout—60 seconds


Change the NAT translation timeout value for TCP sessions to 2 hours:

vEdge# config
vEdge(config)# vpn 1 interface ge0/4 nat tcp-timeout 120
vEdge(config-nat)# show full-configuration
vpn 1
 interface ge0/4
    tcp-timeout 120

Release Information

Command introduced in Viptela Software Release 14.2.​

Additional Information

See the Configuring Local Internet Exit article for your software release.

  • Was this article helpful?