
timeout problem with asa5520 v7.2

julxu
Level 1

Greetings,

My servers behind the ASA5520 inside interface seem to have a problem with timeouts.

All the sessions from the Internet to the inside servers seem to be cut off if the user stays idle for more than 30 minutes.

However, the subnet which I did configure the box has no such problems.

Could anyone advise me whether the ASA5520 can control the session timeout?

Any comments will be appreciated.

Thanks in advance


Accepted Solutions

guibarati
Level 4

Yes, the ASA controls the session timeout; otherwise, if a host on the Internet just leaves the connection (without an RST or FIN), it would stay active in the ASA endlessly.

You must use a feature in the ASA that verifies the connection by sending packets to both hosts with spoofed information, to see if they respond to that connection.

In the link:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html

look for "DCD".

You should use the "timeout tcp" option, with a timeout lower than 30 minutes.
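
The following configuration is an added example, not part of the original reply or of Cisco's documentation. It shows one way to apply a TCP idle timeout together with dead connection detection (DCD) to traffic bound for the inside servers, using the `set connection timeout` command from the linked 7.2 reference. The ACL, class-map and policy-map names, the 192.0.2.0/24 server subnet, the interface name `outside` and the timer values are all assumptions.

```cisco
! Assumed names and addresses throughout: replace 192.0.2.0/24 with the
! real inside server subnet and "outside" with the Internet-facing nameif.

! 1. Select the TCP sessions from the Internet to the inside servers.
access-list INSIDE_SERVERS_DCD extended permit tcp any 192.0.2.0 255.255.255.0

class-map INSIDE_SERVERS_TCP
 match access-list INSIDE_SERVERS_DCD

! 2. Set the idle timeout below 30 minutes and enable DCD.
!    When the idle timer expires, the ASA probes both endpoints.
!    If both answer, the connection stays in the table and the idle
!    timer restarts; if one side stays silent after the retries, the
!    connection is removed.
!    dcd 0:00:15 5 = retry every 15 seconds, up to 5 retries.
policy-map OUTSIDE_DCD_POLICY
 class INSIDE_SERVERS_TCP
  set connection timeout tcp 0:25:00 dcd 0:00:15 5

! 3. Attach the policy to the interface where the sessions arrive.
!    An interface accepts only one service-policy; if one is already
!    applied, add the class to that existing policy-map instead.
service-policy OUTSIDE_DCD_POLICY interface outside
```

After applying it, `show service-policy` lists the configured timeout and DCD settings for the class, which confirms that the intended traffic is matching the policy.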
