06-24-2009 05:46 PM - edited 03-11-2019 08:47 AM
Hi,
I don't want to change the global UDP idle timeout for the entire firewall for obvious security reasons, but I have to change the timeout for a particular UDP port from a known source IP to another known destination IP. I tried using:
object-group service blah
timeout udp 0:20:00
or timeout udp 0:20:00 conn 1:00:00
but the timeout command does not stay in the config. I even tried MPF, but MPF doesn't have a UDP option or I can't find it.
Is there another way?
Thanks in advance
06-24-2009 08:30 PM
I did something similar for TCP connections the other day...
This should work...substitute the TCP for UDP and add the necessary UDP port in the ACL:
access-list custom_timeout extended permit tcp host 1.1.1.1 any
class-map custom_timeout
 description Connection Timeout for specific hosts - 3 hours
 match access-list custom_timeout
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
 class custom_timeout
  set connection timeout tcp 03:0:00 reset
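An added example, not part of the original posts and not Cisco tooling: a Python check that walks a saved running-config and lists every ACL entry behind a "set connection timeout" override, noting entries that match "any" or carry no port restriction, so the exception stays narrower than a global timeout change. The sample config is constructed; the scoped_timeout name, the 192.0.2.10 and 198.51.100.20 addresses and port 5000 are placeholders.

```python
# Constructed sample config: the thread's ACL plus a narrowly scoped entry
# (192.0.2.10, 198.51.100.20 and port 5000 are placeholders).
SAMPLE_CONFIG = """\
access-list custom_timeout extended permit tcp host 1.1.1.1 any
access-list scoped_timeout extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 5000
class-map custom_timeout
 match access-list custom_timeout
class-map scoped_timeout
 match access-list scoped_timeout
policy-map global_policy
 class custom_timeout
  set connection timeout tcp 03:0:00 reset
 class scoped_timeout
  set connection timeout tcp 03:0:00 reset
"""
PORT_OPS = {"eq", "range", "lt", "gt", "neq"}
ANY = {"any", "any4", "any6"}

def parse(config):
    """Collect ACL entries, class-map -> ACL bindings and timeout overrides."""
    acls, class_acl, overrides = {}, {}, []
    cmap = pmap = cls = None
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2:3] == ["extended"]:
            acls.setdefault(tok[1], []).append(tok[3:])
        elif tok[:1] == ["class-map"]:
            cmap, pmap = tok[-1], None
        elif tok[:1] == ["policy-map"]:
            pmap, cmap = tok[-1], None
        elif tok[:2] == ["match", "access-list"] and cmap and tok[2:]:
            class_acl[cmap] = tok[2]
        elif tok[:1] == ["class"] and pmap and tok[1:]:
            cls = tok[1]
        elif tok[:3] == ["set", "connection", "timeout"] and pmap:
            overrides.append((cls, " ".join(tok[3:])))
    return acls, class_acl, overrides

def audit(config):
    """Return (class, timeout, ACE, reasons) for every ACE behind an override."""
    acls, class_acl, overrides = parse(config)
    findings = []
    for cls, timeout in overrides:
        for ace in acls.get(class_acl.get(cls), []):
            reasons = ["any endpoint"] if ANY & set(ace) else []
            if ace[1:2] in (["tcp"], ["udp"]) and not PORT_OPS & set(ace):
                reasons.append("no port restriction")
            findings.append((cls, timeout, " ".join(ace), reasons))
    return findings
```

Calling audit() on the text of a saved configuration returns one tuple per ACL entry; an empty reasons list means the entry names both endpoints and a port.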
06-25-2009 01:39 AM
Hi,
Thanks for your response.
I've already tried this, but unfortunately there isn't a UDP option with this method.
Please see below:
hostname(config-pmap-c)# set connection timeout ?

mpf-policy-map-class mode commands/options:
  dcd          Configure dead-connection-detection retry interval.
  embryonic    Configure absolute time after which an embryonic TCP connection
               will be closed, default is 0:00:30.
  half-closed  Configure idle time after which a TCP half-closed connection
               will be freed, default is 0:10:00
  tcp          Configure idle time after which a TCP connection state will be
               closed, default is 1:00:00
02-19-2012 04:36 PM
Hi,
The custom UDP service was taken out of ASA 8.x code, and by request it was added back in higher releases of 8.2.