idle timeout on FWSM

Unanswered Question
Jun 9th, 2009

hi,

on the inside interface we have a access-list permitting tcp any any. the access-list name is inside..

we have issues with some connections timing out in an hour. these connections are idle in the conn table of fwsm.

how can we ensure the conn to a specific host on any tcp port doesnt get dropped from the FWSM when idle for more then an hour.

this is what we tried

access-list CTI-conn remark Custom timeout policy for softphones not to timeout

access-list CTI-conn extended permit tcp any host CTI-lon

access-list CTI-conn extended permit tcp any host CTI-lon1

class-map CTI-conn

description Custom timeout policy for softphones not to timeout

match access-list CTI-conn

policy-map global_policy

class inspection_default

inspect dns maximum-length 2048

...

class CTI-conn

set connection timeout tcp 9:00:00

but when we do show access-list CTI-conn the hit counts doesnt increase and also the connection timeout in an hour instead of 9.

how to get this working

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion