hemendoz Wed, 07/12/2006 - 17:09
User Badges:
  • Cisco Employee,

Hello Paul,


I have worked with clients who have AS400 traffic that passes through an ASA VPN tunnel. The only issue we had is that sometimes connections could go idle for long periods of time, and if the ASA connection timeout is set too low, this traffic would not pass after the idle time-out period. We'd have to physically reset the AS400 interfaces for traffic to flow again. You can set infinite idle time-out periods based on specific hosts now on 7.x (Modular Policy) vs. configuring a global value.


Here is a link that details this:

PIX/ASA 7.x: Set a Connection Timeout Based on an Access-List Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080624e19.shtml


Any specific traffic you are concerned about?


Hope this helps! If so, please rate.


Thanks
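
The per-host idle timeout described in the post above, sketched as an added example that is not part of the original post or of the linked Cisco document. The host address 192.0.2.10, the object names, the interface name `inside` and the choice of Telnet as the matched port are assumptions made for illustration.

```cisco
! Added example: constructed values, not taken from the thread.
! 192.0.2.10 stands in for the AS400 host (documentation address range).

! 1. Select only the traffic that needs the long-lived session.
!    Keep this ACL as narrow as possible: one host, one service.
access-list AS400_IDLE extended permit tcp any host 192.0.2.10 eq telnet

! 2. Classify traffic that matches the ACL.
class-map AS400_IDLE_CLASS
 match access-list AS400_IDLE

! 3. Override the idle timeout for that class only.
!    0:0:0 means the TCP connection never times out while idle.
policy-map AS400_IDLE_POLICY
 class AS400_IDLE_CLASS
  set connection timeout tcp 0:0:0

! 4. Apply the policy to the interface where the connections arrive.
!    (assumed interface name)
service-policy AS400_IDLE_POLICY interface inside

! Verification: confirm the policy is attached and the idle timer
! on the matched connections is no longer counting toward removal.
! show service-policy interface inside
! show conn address 192.0.2.10
```

Only one service policy can be attached to an interface, so on a firewall that already has one, add the class to the existing policy map instead of creating a new one. Connections matched by this class are never aged out of the connection table, which is why the ACL should name specific hosts and ports rather than a whole subnet, and every other flow keeps the global `timeout conn` value.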

paulnigel Wed, 07/12/2006 - 19:43

Hi hemendoz,


I much appreciate your help.


Correct me if I am wrong: when my AS400 communicates with Rumba (emulation software), they use Telnet, 1789, and ack traffic is like using TCP high ports, 8192.


Does it mean that I have to set an ACL for infinite idle time-out for all the ports that the clients used? Or do you have a better solution?


Thanks and Best wishes,

Paul
