on the inside interface we have a access-list permitting tcp any any. the access-list name is inside..
we have issues with some connections timing out in an hour. these connections are idle in the conn table of fwsm.
how can we ensure the conn to a specific host on any tcp port doesnt get dropped from the FWSM when idle for more then an hour.
this is what we tried
access-list CTI-conn remark Custom timeout policy for softphones not to timeout
access-list CTI-conn extended permit tcp any host CTI-lon
access-list CTI-conn extended permit tcp any host CTI-lon1
description Custom timeout policy for softphones not to timeout
match access-list CTI-conn
inspect dns maximum-length 2048
set connection timeout tcp 9:00:00
but when we do show access-list CTI-conn the hit counts doesnt increase and also the connection timeout in an hour instead of 9.
how to get this working