Timeout problem with ASA5520 v7.2

Answered Question
Jul 11th, 2009

Greetings,

My servers behind the ASA5520 inside interface seem to have a problem with timeouts.

All the sessions from the internet to the inside servers seem to be cut off if the user stays idle for more than 30 minutes.

However, the subnet from which I configured the box has no such problem.

Could anyone advise me whether the ASA5520 can control the session timeout?

Any comments will be appreciated.

Thanks in advance.

Correct Answer
guibarati Tue, 07/14/2009 - 05:28

Yes, the ASA controls the session timeout; otherwise, if a host on the internet just leaves the connection (without an RST or FIN), it would stay active in the ASA endlessly.

You must use a feature in the ASA that verifies the connection by sending packets to both hosts with spoofed information, to see if they respond to that connection.

In the link:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html

look for "DCD".

You should use the "timeout tcp" option, with a timeout lower than 30 minutes.
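One way to apply what the answer above describes, as an added example that is not part of the original post or of Cisco's documentation. The subnet 192.0.2.0/24, the names SERVER_TCP and SERVER_TCP_CLASS, and the timer values are assumptions to be replaced with your own; it also assumes the default global_policy is in use.

```cisco
! Constructed example: 192.0.2.0/24 stands in for the inside server subnet,
! and SERVER_TCP / SERVER_TCP_CLASS are hypothetical names.
!
! Match TCP sessions from any source to the inside servers.
access-list SERVER_TCP extended permit tcp any 192.0.2.0 255.255.255.0
!
class-map SERVER_TCP_CLASS
 match access-list SERVER_TCP
!
! tcp 0:20:00     idle timeout for matched connections, set below the
!                 30 minutes at which the sessions are being dropped.
! dcd 0:00:15 5   Dead Connection Detection: when the idle timer expires,
!                 the ASA probes both endpoints every 15 seconds, up to
!                 5 tries. If both answer, the idle timer is reset and the
!                 connection is kept; if one does not, the entry is freed.
policy-map global_policy
 class SERVER_TCP_CLASS
  set connection timeout tcp 0:20:00 dcd 0:00:15 5
!
! The default configuration already applies global_policy globally;
! the line is repeated here for completeness.
service-policy global_policy global
!
! From privileged EXEC, check that the class is matching traffic.
show service-policy
```

The global `timeout conn` value still applies to every connection that does not match the class, so the access list should cover each server that needs the longer-lived idle sessions.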
