Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Default https inactivity connection timeout

Hi,

Below are default inactivity connection time out for A3(1.0) So by defult any tcp connection(http or https) will be timed out in an hour.

The defaults are as follows:

ICMP—2 seconds

TCP—3600 seconds (1 hour)

UDP—120 seconds (2 minutes)

as per http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/tcpipnrm.html

Was this change in the A4(2.0) code or is it still the same? I heard a TAC engg say that default inactivity timeout for http and https are now 5 mins that is 300 seconds.

6 REPLIES
New Member

Default https inactivity connection timeout

Hello Arun,

The 3600 seconds for TCP apply just for TCP ports different than https and http, you can see that while you are configuring the parameter map in the description, but please take a look at the command reference:

http://www.cisco.com/en/US/partner/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/parammap.html#wp1103747

This has been like this since the initial codes.

So it does apply for A4(2.0) and all other codes, including the old ones.

HTH

Rodrigo.

New Member

Default https inactivity connection timeout

Thanks Rodrigo. So what is the default timeout for http and https connections via ACE?

merci,

arun

New Member

Default https inactivity connection timeout

Hi Arun,

The default timeout for HTTP and HTTPS is 300 seconds.

Regards,

Rodrigo

New Member

Hi Rodrigo,    Can we change

Hi Rodrigo,

    Can we change the timeout of HTTP & HTTPS? As the CLI just allows only TCP (change 3600 to other value). If it can't be changed, all HTTP/HTTPS will have to live with 5 minutes timeout. Could you please advise?

 

Regards,

Thanawoot

New Member

Ok, I tried to "set timeout

Ok, I tried to "set timeout inactivity 1000", no more HTTP/HTTPS in the output of show parameter. I understand that when set timeout inactivity, the ACE treats all TCP timeout with a new setting value, and no more special setting for HTTP/HTTPS.

Cisco Employee

Hi,Yes you are right. But you

Hi,

Yes you are right. But you can apply the parameter map to appropriate class map so that it only applies to the traffic you want it to.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

2994
Views
4
Helpful
6
Replies
CreatePlease login to create content