
timeout conn

alibowluk
Level 1

The default idle time for a connection on a Cisco ASA is 1 hour, as denoted by the timeout conn command. The ASA then closes the connection.

What I wish to know is how the ASA closes the idle connection. Does it send a reset to each end of the connection, or only one end? Or does it send a reset at all?

Does anyone know what the ASA actually does to close the idle connection?

Thanks

Chris


The ASA silently drops connections for which the idle timeout timer has expired.

This default behavior can be changed using Modular Policy Framework.

Check out the "set connection timeout" command in the command reference:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1299836

There is a "reset" argument that can be used to send a RST in both directions when the idle timer expires.

Syed Iftekhar Ahmed

Ah, I see, so I can set it to send resets in both directions.

You wrote the ASA silently drops the connection; what do you mean by that? Do you mean the ASA doesn't do anything, it just drops the connection from its own connection table?

Thanks for the help, just trying to get my head round what the ASA does, as we have a connection which seems to be only reset at one end after the idle time. When the connection is re-established the other end it seems to just disappear?

Thanks

Ali

As per my knowledge, no resets are sent by the ASA on either side (unless configured using MPF) when a connection times out.

So yes, it simply deletes the connection entry from its connection table.

Syed Iftekhar Ahmed
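
The Modular Policy Framework change described in the replies above, as an added configuration sketch that is not part of the original thread. The ACL, class-map and policy-map names, the addresses, the port and the interface name "inside" are constructed placeholders; the `tcp` keyword follows the 7.2 command reference linked above, and later ASA releases use `idle` in its place, so check the command reference for your release.

```text
! --- Default behaviour (no MPF override) ---------------------------------
! Global idle timer. On expiry the ASA only deletes the entry from its
! connection table; neither endpoint is sent a RST.
timeout conn 1:00:00
!
! --- Override for one flow: send RST to both ends on idle expiry ----------
! Constructed placeholders: IDLE-RESET-ACL, IDLE-RESET-CLASS,
! IDLE-RESET-POLICY, 192.0.2.0/24, 198.51.100.10, tcp/22, interface "inside".
access-list IDLE-RESET-ACL extended permit tcp 192.0.2.0 255.255.255.0 host 198.51.100.10 eq 22
!
class-map IDLE-RESET-CLASS
 match access-list IDLE-RESET-ACL
!
policy-map IDLE-RESET-POLICY
 class IDLE-RESET-CLASS
  ! "reset" makes the ASA send a TCP RST in both directions
  ! when the idle timer for a matching connection expires.
  set connection timeout tcp 1:00:00 reset
!
service-policy IDLE-RESET-POLICY interface inside
!
! --- Checks (run from privileged EXEC, not configuration mode) ------------
! show service-policy     confirms the policy is applied to the interface
! show conn               shows the idle time of current connections
```

Without the `reset` option, an endpoint that still believes the session is open learns otherwise only when its next packet is dropped for lacking a connection entry, which matches the "it just disappears" symptom described in the thread.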
