inside to outside traffic times out

Unanswered Question
Apr 3rd, 2009

Seem to be having an issue with a firewall I've inherited (ASA 5520).

Some HTTP downloads seem to be timing out, as well as some websites. When I bypass the ASA, no problem.

Also have a couple of statements and I'm not sure as to why?

outside a.a.a.a

inside b.b.b.b

dmz c.c.c.c

dmz2 d.d.d.d

global (outside) 1 a.a.a.3-a.a.a.98 netmask

global (outside) 1 a.a.a.100-a.a.a.200 netmask

global (DMZ) 1 c.c.c.80-c.c.c.250 netmask

nat (inside) 1 dns

nat (DMZ) 1 c.c.c.0 dns

static (inside,outside) tcp interface 2300 b.b.b.32 2300 netmask

static (DMZ,outside) a.a.a.252 c.c.c.1 netmask

static (DMZ,outside) a.a.a.240 c.c.c.3 netmask dns

static (DMZ,outside) a.a.a.243 c.c.c.8 netmask

static (DMZ,outside) Mail IronPort_DMZ netmask

static (inside,outside) a.a.a.247 b.b.b.74 netmask

static (inside,outside) c.c.c.c b.b.b.b netmask

static (inside,outside) a.a.a.99 b.b.b.98 netmask

static (inside,DMZ) b.0.0.0 b.0.0.0 netmask

static (inside,DMZ2) b.0.0.0 b.0.0.0 netmask

access-group acl_out in interface outside

access-group acl_dmz in interface DMZ

access-group DMZ2_access_in in interface DMZ2

route outside a.a.a.1 1

route DMZ2 d.d.d.0 e.e.e.253 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:b:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:b:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

Anonymous (not verified) Thu, 04/09/2009 - 05:56

You may try changing the uauth timeout. As a trial you may change it to "timeout uauth 01:00:00" and then try downloading. Also you may try removing the inline IPS.

