ASA5510 forceable closing connections that are in use

justinwiebe · ‎06-11-2008

We replaced our PIX515E running 7.0(1) recently with an ASA5510 running 8.0(3). The configurations of both are, for the most part, identical. However, we are running into issues where the new firewall appears to be closing connections that are in use. The connection timeout is set to 24 hours, but we are seeing the firewall close a connection that is as little as 50 minutes old. Does anyone have any advice on how to fix or troubleshoot this?

Thank you.

Farrukh Haroon · ‎06-11-2008

Which protocol = TCP?

What application exactly = FTP, VOIP etc?

Regards

Farrukh

justinwiebe · ‎06-11-2008

Here are some more details:

It is an HTTPS connection to an apache web server on our DMZ. If I run sho conn, I have some connections almost as old as the timeout setting (24 hours) from the customer that is experiencing the forced connection closure. So some connections from any given source are staying open, and some are being closed by the firewall.

Farrukh Haroon · ‎06-11-2008

Is there any IPS in the transit path? I doubt the firewall would close a similar connection from some flows and let others idle out.

Regards

Farrukh