
Pix 8.0(4) can I set a timeout for an individual tcp service?

joerggrau
Level 1

I am running into an issue where one of the TCP services going through my PIX running 8.0(4) sends packets AFTER the specific connection has timed out. The result is that it reports an error on a packet for a non-existent connection. Is there a way for me to increase the timeout for this one specific TCP service? I know this can be done in Checkpoint Firewalls, and I am looking for an equivalent mechanism in the PIX.

Any help is appreciated.

thanks

Joerg

2 Replies

Panos Kampanakis
Cisco Employee

Hi Joerg,

Yes, it can be done. You can use MPF to do it. Here is an example:

    hostname(config)# class-map http_traffic
    hostname(config-cmap)# match port tcp eq 80
    hostname(config)# policy-map outside_policy
    hostname(config-pmap)# class http_traffic
    hostname(config-pmap-c)# set connection timeout tcp 0:10:0
    hostname(config)# service-policy outside_policy interface outside

This is also explained here: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mpc.html#wp1082979

I hope it helps.

PK

mkharban
Level 1

Hi,

Please try the dead-connection-detection option that is newly introduced in 8.0(4) code.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s1.html#wp1396112

Hope this helps!

Thanks,

Manish

Cisco TAC
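
An added example, not part of either reply above: the MPF approach from the first reply narrowed to a single service with an ACL, combined with the dead connection detection option from the second reply. The ACL name, class name, server address 192.0.2.10, port 1521 and the 4-hour value are constructed placeholders; `dcd` is used without arguments so the platform's default retry settings apply.

```cisco
! Constructed example: names, address, port and timeout value are placeholders.
! Match only the one service that needs a longer idle timeout.
access-list LONG_IDLE_APP extended permit tcp any host 192.0.2.10 eq 1521
!
class-map long_idle_app
 match access-list LONG_IDLE_APP
!
policy-map outside_policy
 class long_idle_app
  ! Raise the TCP idle timeout for this class only; every other connection
  ! keeps the global "timeout conn" value.
  ! dcd: when the idle timer expires, the firewall probes both endpoints and
  ! keeps the connection if they answer, instead of removing it outright.
  set connection timeout tcp 4:00:00 dcd
!
service-policy outside_policy interface outside
```

Keeping the class scoped to one host and port limits how many long-lived entries can accumulate in the connection table; `show service-policy` shows whether traffic is hitting the class.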
