Default https inactivity connection timeout

Unanswered Question
Mar 29th, 2012

Hi,

Below are default inactivity connection time out for A3(1.0) So by defult any tcp connection(http or https) will be timed out in an hour.

The defaults are as follows:

ICMP—2 seconds

TCP—3600 seconds (1 hour)

UDP—120 seconds (2 minutes)

as per http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/tcpipnrm.html

Was this change in the A4(2.0) code or is it still the same? I heard a TAC engg say that default inactivity timeout for http and https are now 5 mins that is 300 seconds.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
rodrguti_2 Fri, 04/06/2012 - 21:13

Hello Arun,

The 3600 seconds for TCP apply just for TCP ports different than https and http, you can see that while you are configuring the parameter map in the description, but please take a look at the command reference:

http://www.cisco.com/en/US/partner/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/parammap.html#wp1103747

This has been like this since the initial codes.

So it does apply for A4(2.0) and all other codes, including the old ones.

HTH

Rodrigo.

arun.mohan Sat, 04/07/2012 - 02:50

Thanks Rodrigo. So what is the default timeout for http and https connections via ACE?

merci,

arun

rodrguti_2 Sat, 04/07/2012 - 11:34

Hi Arun,

The default timeout for HTTP and HTTPS is 300 seconds.

Regards,

Rodrigo

t_songtong Wed, 02/25/2015 - 00:27

Hi Rodrigo,

    Can we change the timeout of HTTP & HTTPS? As the CLI just allows only TCP (change 3600 to other value). If it can't be changed, all HTTP/HTTPS will have to live with 5 minutes timeout. Could you please advise?

 

Regards,

Thanawoot

t_songtong Thu, 02/26/2015 - 00:09

Ok, I tried to "set timeout inactivity 1000", no more HTTP/HTTPS in the output of show parameter. I understand that when set timeout inactivity, the ACE treats all TCP timeout with a new setting value, and no more special setting for HTTP/HTTPS.

Fnu Kanwaljeet Singh Thu, 02/26/2015 - 07:52

Hi,

Yes you are right. But you can apply the parameter map to appropriate class map so that it only applies to the traffic you want it to.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Actions

This Discussion

Related Content