ASA timeout

Unanswered Question


I configured a timeout in the 6506 for "Connections" of "24:00:00".

It is the only one configured.

I connect a machine from the outside to the inside and it doesn't close the connection (now established for 4 days).

But if I disable the "connection" timeout, the same connection (outside --> inside) is closed in one hour.

I need the connection for several hours, but not permanently.

How can I do it?

Thanks. Regards.


That connection variable you are setting is a global connection timeout for all connections through the ASA (timeout conn 1:00:00).

To set a timeout specific to certain traffic/hosts you would have to do the following:

Create a specific ACL for the traffic you wish to set a timeout on (i.e. access-list outside_timeout_in extended permit tcp any any eq ssh)

Then a class-map:

class-map ssh

match access-list outside_timeout_in

Create a policy map to reference the class-map:

policy-map ssh

class ssh

set connection timeout tcp 00:10:00 reset

Then, lastly create the service-policy and apply it to the interface in question:

service-policy ssh interface outside

This rule will basically close any ssh session that is idle after 10 minutes.
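Added example, not part of the original reply: the same class-map/policy-map approach scoped to the case in the question, where one outside host needs a session that can sit idle for several hours while everything else keeps a short timeout. The addresses (RFC 5737 documentation ranges), the 8-hour value and the names LONG_SESSION, LONG_SESSION_CLASS and OUTSIDE_TIMEOUTS are assumptions made up for illustration.

```cisco
! Keep the global idle timeout short so abandoned sessions are
! reclaimed quickly (1:00:00 is the ASA default for "timeout conn").
timeout conn 1:00:00

! Match only the one flow that needs a longer idle period.
! 198.51.100.10 = outside client, 192.0.2.20 = inside server (constructed).
access-list LONG_SESSION extended permit tcp host 198.51.100.10 host 192.0.2.20 eq ssh

class-map LONG_SESSION_CLASS
 match access-list LONG_SESSION

policy-map OUTSIDE_TIMEOUTS
 class LONG_SESSION_CLASS
  ! Idle timer: it restarts whenever the flow passes traffic, so a session
  ! with keepalives or steady traffic is not closed by this setting.
  ! "reset" sends a TCP RST to both ends when the timer expires, so the
  ! endpoints do not keep a half-dead session open.
  ! On 8.2(2) and later the keyword "tcp" is written "idle".
  set connection timeout tcp 8:00:00 reset

service-policy OUTSIDE_TIMEOUTS interface outside

! Verification, from privileged EXEC mode:
!   show running-config timeout              (global timers in effect)
!   show service-policy interface outside    (confirms the class is applied)
!   show conn address 198.51.100.10 detail   (per-connection idle time and timeout)
```

Only one service-policy can be attached to an interface, so if one already exists there, add the class to that policy-map instead of creating a new one.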

