Modify a tcp idle time-out on ACE

Answered Question
Mar 2nd, 2008

Hi.

I have a question about the TCP idle timeout on ACE.

I configured it as below:

set timeout inactivity 600000

class-map match-any TCP_Connection_IP
  2 match virtual-address 100.254.130.0 255.255.255.0 tcp any

policy-map multi-match TCP_Connection_Policy
  class TCP_Connection_IP
    connection advanced-options TCP_Connection_Timer

interface vlan 30(Client Vlan)
  service-policy input TCP_Connection_Policy

interface vlan 330(Server Vlan)
  service-policy input TCP_Connection_Policy

Is it correct?

If OK, how can I check the tcp-idle, as a show command?

Correct Answer by Gilles Dufour about 8 years 9 months ago

You can't use the virtual-address keyword if you don't want to load balance the traffic.

If you just want to set the timeout for routed traffic, you need to use a class-map with an ACL.

i.e.:

access-list net1 extended permit tcp any 100.254.130.0 255.255.255.0

class-map net1
  match access-list net1

policy-map multi-match TCP_Connection_Policy
  class net1
    connection advanced-options TCP_Connection_Timer

Now, if you have multiple virtual IP addresses and want to set the timeout for these virtual IPs, you have to assign the connection timeout to each individual virtual IP.

You can't do it in one shot like you did.

There is no command to see if a connection has the right idle timeout.

All you can do is a 'show conn detail' and see if the idle timeout increases up to your configured value.

Gilles.

Gilles Dufour Mon, 03/03/2008 - 01:59
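
One way to automate the check described in the answer, watching the idle time across saved 'show conn detail' captures, is sketched here as an added example that is not part of the original thread. The output layout, the sample connections and the 3600-second default TCP inactivity timeout are assumptions; the function names are hypothetical.

```python
import re

# Constructed samples. The 'show conn detail' layout below is an assumption,
# as is the 3600 s default TCP inactivity timeout; adjust both to your device.
SNAPSHOTS = [
    """\
conn-id    np dir proto vlan source                destination           state
12         1  in  TCP   30   192.0.2.10:40122      100.254.130.20:22     ESTAB
           [ idle time   : 00:59:50,   byte count  : 5120       ]
13         1  out TCP   330  100.254.130.20:22     192.0.2.10:40122      ESTAB
           [ idle time   : 00:59:50,   byte count  : 7300       ]
""",
    """\
conn-id    np dir proto vlan source                destination           state
12         1  in  TCP   30   192.0.2.10:40122      100.254.130.20:22     ESTAB
           [ idle time   : 01:10:00,   byte count  : 5120       ]
20         1  in  TCP   30   192.0.2.11:51000      100.254.130.21:443    ESTAB
           [ idle time   : 00:00:05,   byte count  : 880        ]
""",
]
CONN_RE = re.compile(r"^\d+\s+\d+\s+in\s+TCP\s+\d+\s+(\S+)\s+(\S+)")
IDLE_RE = re.compile(r"idle time\s*:\s*(\d+):(\d{2}):(\d{2})")

def parse_snapshot(text):
    """Return {(source, destination): idle_seconds} for inbound TCP entries."""
    conns, current = {}, None
    for line in text.splitlines():
        idle = IDLE_RE.search(line)
        if idle:
            if current:  # idle line belongs to the inbound entry just seen
                h, m, s = map(int, idle.groups())
                conns[current] = h * 3600 + m * 60 + s
            current = None
        else:
            head = CONN_RE.match(line.strip())
            current = head.groups() if head else None
    return conns

def peak_idle(snapshots):
    """Highest idle time observed per connection across all captures."""
    peaks = {}
    for text in snapshots:
        for key, idle in parse_snapshot(text).items():
            peaks[key] = max(idle, peaks.get(key, 0))
    return peaks

def verdict(idle, configured, default=3600):
    """Classify one peak idle time against the configured inactivity timeout."""
    if idle > configured:
        return "over-configured"           # entry outlived the configured value
    if idle > default:
        return "custom-timeout-in-effect"  # survived past the assumed default
    return "inconclusive"                  # not idle long enough to tell
```

A connection only yields a verdict once it has been idle longer than the default (or longer than the configured value, if that is shorter), so captures need to span at least that interval.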
