ip tcp intercept mode and syn timeout

Unanswered Question
Aug 14th, 2009

I am using "ip tcp intercept mode" in default intercept mode. What is the timeout for SYN packets? As I understand from the documentation, "ip tcp intercept watch-timeout" is only used for watch mode :(


vmoopeung Thu, 08/20/2009 - 08:30

When TCP intercept is enabled, it operates in intercept mode by default. In intercept mode, the software actively intercepts TCP SYN packets from clients to servers that match the specified access list. For each SYN, the software responds on behalf of the server with an ACK and SYN, and waits for an ACK of the SYN from the client. When that ACK is received, the original SYN is sent to the server, and the code then performs a three-way handshake with the server. Then the two half-connections are joined.

In watch mode, the software allows connection attempts to pass through the router, but watches them until they become established. If they fail to become established in 30 seconds (or the value set by the ip tcp intercept watch-timeout command), a Reset is sent to the server to clear its state.
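
The difference between the two modes described in the reply above, as an added example that is not part of the original thread and not Cisco code: a small model that shows which SYNs the server sees and which resets the router sends in each mode. The `Event` format, the `simulate` function and the sample traffic are assumptions made for the illustration; intercept-mode timers are not modelled because the thread does not state them.

```python
# Added illustration: a simplified model of the two modes, not Cisco IOS code.
from collections import namedtuple

Event = namedtuple("Event", "t client server flag")  # flag: "SYN" or "ACK"
WATCH_TIMEOUT = 30  # seconds; watch-mode default quoted in the answer


def simulate(events, mode, watch_timeout=WATCH_TIMEOUT):
    """Return (SYNs that reach the server, RSTs the router sends to it).

    Assumption: an "ACK" event is the client's final handshake ACK; SYN-ACKs
    and any intercept-mode timers are not modelled.
    """
    pending, forwarded, resets = {}, [], []

    def expire(now):
        # Watch mode: reset handshakes still half-open at the deadline.
        for key, t0 in list(pending.items()):
            if mode == "watch" and now - t0 >= watch_timeout:
                resets.append((t0 + watch_timeout, *key))
                del pending[key]

    for ev in sorted(events, key=lambda e: e.t):
        expire(ev.t)
        key = (ev.client, ev.server)
        if ev.flag == "SYN" and key not in pending:
            pending[key] = ev.t
            if mode == "watch":  # SYN passes through, timer starts
                forwarded.append((ev.t, *key))
        elif ev.flag == "ACK" and key in pending:
            del pending[key]
            if mode == "intercept":  # original SYN released only now
                forwarded.append((ev.t, *key))
    expire(float("inf"))
    return forwarded, resets


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    Event(0, "198.51.100.7:40001", "10.0.0.5:80", "SYN"),
    Event(1, "198.51.100.7:40001", "10.0.0.5:80", "ACK"),  # completes
    Event(2, "203.0.113.9:1025", "10.0.0.5:80", "SYN"),    # never ACKed
    Event(3, "203.0.113.9:1026", "10.0.0.5:80", "SYN"),    # never ACKed
]

if __name__ == "__main__":
    for m in ("intercept", "watch"):
        print(m, simulate(SAMPLE, m))
```

In this model the server sees one SYN in intercept mode and three in watch mode, with the two half-open attempts reset 30 seconds after their SYNs.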

