
suggested timeout config on pix for aaa cmds passing through

evan2five
Level 1

Our TACACS sits on the other side of a PIX firewall. As a result we are causing a lot of xlate transactions on the PIX as we enter commands on our devices.

What are the suggested timeout values?

Our conn count is max 2700

timeout xlate 3:00:00 (default)

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

1 Reply

Collin Clark
VIP Alumni

Are you seeing xlates for your sessions? Are they going through the firewall or to the firewall? When you manage the firewall itself there are no xlates. The management of the firewalls is all TCP based, so you should only see one xlate for management beyond the firewall (per person/per device). The default timeouts are fine unless there is a specific application that requires a longer one.

Hope that helps.
