Enabling the deletion of timestamps in TCP SYN and SYN ACK packets

With this feature configured, the system deletes the timestamps from the TCP SYN and SYN ACK packets after dynamic address translation.

If PAT mode is configured on an interface by using nat inbound or nat outbound, and the tcp_timestams and tcp_tw_recycle function is configured on the TCP server, TCP connections might not be established. To solve the problem, you can shut down the tcp_tw_recycle function or configure the nat timestamp delete command.

To enable the deletion of timestamps in TCP SYN and SYN ACK packets:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable the deletion of timestamps in TCP SYN and SYN ACK packets	nat timestamp delete [ vpn-instance vpn-instance-name ]	By default, the deletion of timestamps in TCP SYN and SYN ACK packets is disabled. You can enable this feature for multiple VPN instances by repeating the command with different VPN parameters.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable the deletion of timestamps in TCP SYN and SYN ACK packets

nat timestamp delete [ vpn-instance vpn-instance-name ]

By default, the deletion of timestamps in TCP SYN and SYN ACK packets is disabled.

You can enable this feature for multiple VPN instances by repeating the command with different VPN parameters.

prev	up	next
Enabling NAT reply redirection	home	Displaying and maintaining NAT