
suggested timeout config on pix for aaa cmds passing through

Our TACACS sits on the other side of a PIX firewall. As a result we are causing a lot of xlate transactions on the PIX as we enter commands on our devices.

What are the suggested timeout values?

Our conn count is max 2700

timeout xlate 3:00:00 (default)

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

1 REPLY

Re: suggested timeout config on pix for aaa cmds passing through

Are you seeing xlates for your sessions? Are they going through the firewall or to the firewall? When you manage the firewall itself there are no xlates. The management of the firewalls is all TCP based, so you should only see one xlate for management beyond the firewall (per person/per device). The default timeouts are fine unless there is a specific application that requires a longer one.

Hope that helps.
