ASA-5585-X 8.4(6)5 Idle connections are not being removed according to timeout settings
Just a quick question if anybody has run into a bug where the ASAs "timeout" settings are not being applied to idle connections.
It seems that our ASA running the software level 8.4(6)5 is not tearing down connections. This mainly seems to be a problem in one Security Context where there are around 300k UDP connections (related to VOIP phones) that are not being torn down. Idle timers on the connections are going as far as 700 hours. Common to all the UDP connections is also the fact that only 19 Bytes of data has been transmitted on the connection built on the firewall. I am not sure what the purpose of these UDP Connections is as both the source and destination port is a random high port.
I was not able find any Bug ID which description would match the situation I am seeing. I did not see anything in the release notes of 8.4(7) or its interrim release either that would list thing kind of bug.
The BugID mentioned above is probably the problem in our case.
We will have to check what software level to upgrade to. One of the listed softwares we already tried previously with very bad results (ASA became nearly unusable). Seems we need to consider moving to some 9.x software level. Hopefully with less problems than we have had with the most recent 8.4(x) software levels.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :