ASA5510 forcibly closing connections that are in use

Unanswered Question
Jun 11th, 2008

We replaced our PIX515E running 7.0(1) recently with an ASA5510 running 8.0(3). The configurations of both are, for the most part, identical. However, we are running into issues where the new firewall appears to be closing connections that are in use. The connection timeout is set to 24 hours, but we are seeing the firewall close a connection that is as little as 50 minutes old. Does anyone have any advice on how to fix or troubleshoot this?

Thank you.

justinwiebe Wed, 06/11/2008 - 07:37

Here are some more details:

It is an HTTPS connection to an Apache web server on our DMZ. If I run sho conn, I have some connections almost as old as the timeout setting (24 hours) from the customer that is experiencing the forced connection closure. So some connections from any given source are staying open, and some are being closed by the firewall.

Farrukh Haroon Wed, 06/11/2008 - 08:58

Is there any IPS in the transit path? I doubt the firewall would close a similar connection from some flows and let others idle out.



