Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
441
Views
4
Helpful
1
Replies

ASA timeout

ehuarte
Level 1
Level 1

‎10-16-2007 02:19 AM - edited ‎03-05-2019 07:06 PM

Hi;

I configured a timeout in the 6506 for "Connections" of "24:00:00".

Is the only one configured.

I connect a machine from the outside to the inside and it doesn't close the connection (know stablisehd for 4 days).

But if I dissable the "connection" timeout, the same connection (outside--> inside) is closed in one hour.

I need the connection for several hours, but no permanently.

How I can do it?

thanks. Regards.

Labels:
0 Helpful
1 Reply 1

noran01
Level 3
Level 3

‎10-16-2007 04:51 AM

That connection variable you are setting is a global connection timeout for all connections through the ASA (timeout conn 1:00:00).

To set a timeout specific to certain traffic/hosts you would have to do the following:

Create a specific ACL for the traffic you wish to set a timeout on (i.e. access-list outside_timeout_in extended permit tcp any eq ssh)

Then a class-map:

class-map ssh

match match access-list outside_timeout_in

Create a policy map to reference the class-map:

policy-map ssh

class ssh

set connection timeout tcp 00:10:00 reset

Then, lastly create the service-policy and apply it to the interface in question:

service-policy ssh interface outside

This rule will basically close any ssh session that is idle after 10 minutes.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card