Cisco Support Community
Community Member

question of ace tcp idle-timeout tunning.

first of all, please check the tcp-idle time out tunning.

parameter-map type connection TCP_Timer_24h

  set timeout inactivity 86400

class-map match-all NET1

  2 match access-list net1

policy-map multi-match Outbound_TCP

  class NET1

    connection advanced-options TCP_Timer_24h

interface vlan 162

  description [Channel_AP_server_vlan]

  access-group input everyone

  access-group output everyone

  service-policy input remote_mgmt_allow

  service-policy input Outbound_TCP

sh conn detail


20422     1  out TCP   162  ESTAB

          [ conn in reuse pool : FALSE]

          [ idle time   : 88:17:16,   byte count  : 0          ]

          [ elapsed time: 88:17:16,   packet count: 0          ]

regarding the configuration, We had configured the tcp-idle timeout to 24 hour on specific network.(refer

but when we enter show conn detail that network, the idle time was showen like above. 88 Hour.

if the session is try connection to the sever over 24 hour, ace didn't disconnct that connection, although 24 hour over?


Re: question of ace tcp idle-timeout tunning.

In my setup i have applied the TCP parameter map global. If you apply it to an interface an bind an access list to an interface the traffic originating from the other Vlan might not be included in the parameter map. That could be a possible issue but i am not sure though.

The TCP sessions get their idle timeout adjusted after you have applied the parameter map. So if you already have established connections they will still have the old values. Clear the connections, apply the parameter map and then have a look at the regarding connections again.


CreatePlease to create content