I have an ASA 5505 version 8.0(3). I have been having issues lately where I am showing many connections that have been idle for up to 7 hours, but the ASA will not drop them. This is mainly an issue on the wireless side. I have set a timeout of 5 minutes, but the idle connections persist. It seems to be honoring the limit of 2000 connections but not the timeout.
set connection conn-max 2000 embryonic-conn-max 2000
set connection timeout tcp 0:5:00
service-policy CONNS interface ****************
Basically, I just need to know what I'm missing. Thank you for any help.
This is my timeout config. I'm seeing that the 8:00:00 might be the problem. I checked the show conn long and they are taking from the right "timeout" set. I think I will configure an ACL to match the traffic and see if that helps as well.
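As an added illustration (not the poster's configuration), here is the ACL-matched class approach described above, written in ASA 8.0 MPF syntax; the wireless subnet 192.168.10.0/24, the ACL/class names and the interface name "wireless" are assumptions.

```text
! Constructed example: match the wireless subnet by ACL and apply the
! connection limits and the 5-minute TCP idle timeout only to that class.
! 192.168.10.0/24 and the nameif "wireless" are assumed values.
access-list WIRELESS-CONNS extended permit ip 192.168.10.0 255.255.255.0 any
access-list WIRELESS-CONNS extended permit ip any 192.168.10.0 255.255.255.0
!
class-map WIRELESS-CONNS
 match access-list WIRELESS-CONNS
!
policy-map CONNS
 class WIRELESS-CONNS
  set connection conn-max 2000 embryonic-conn-max 2000
  set connection timeout tcp 0:05:00
!
service-policy CONNS interface wireless
!
! Traffic that matches no class in the policy keeps the global value
! (timeout conn 8:00:00 is the default), which is what the 8:00:00 above is.
! Confirm the effective timeout on a newly built connection afterwards:
show conn long
```

Service-policy changes apply only to connections built after the change, so connections already in the table keep the timeout they were created with; clear those stale entries (for example with clear local-host for the affected host) and then check that new entries in show conn long carry the 5-minute value.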