Cisco Support Community

New Member

Custom UDP service timeout

Hi,

I don't want to change the global UDP idle timeout for the entire firewall, for obvious security reasons, but I have to change the timeout for a particular UDP port from a known source IP to another known destination IP. I tried using:

object-group service blah

timeout udp 0:20:00

or timeout udp 0:20:00 conn 1:00:00

but the timeout command does not stay in the config. I even tried MPF, but MPF doesn't have a UDP option or I can't find it.

Is there another way?

Thanks in advance

3 REPLIES
Bronze

Re: Custom UDP service timeout

I did something similar for TCP connections the other day...

This should work...substitute the TCP for UDP and add the necessary UDP port in the ACL:

access-list custom_timeout extended permit tcp host 1.1.1.1 any

class-map custom_timeout
 description Connection Timeout for specific hosts - 3 hours
 match access-list custom_timeout

policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
 class custom_timeout
  set connection timeout tcp 03:0:00 reset

New Member

Re: Custom UDP service timeout

Hi,

Thanks for your response.

I've already tried this, but unfortunately there isn't a UDP option with this method.

Please see below:

hostname(config-pmap-c)# set connection timeout ?

mpf-policy-map-class mode commands/options:
  dcd          Configure dead-connection-detection retry interval.
  embryonic    Configure absolute time after which an embryonic TCP connection
               will be closed, default is 0:00:30.
  half-closed  Configure idle time after which a TCP half-closed connection
               will be freed, default is 0:10:00
  tcp          Configure idle time after which a TCP connection state will be
               closed, default is 1:00:00

New Member

Custom UDP service timeout

Hi,

The custom UDP service was taken out of ASA 8.x code, and by request it was added back in higher releases of 8.2.
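
An added example, not part of any post in this thread: a per-flow UDP idle timeout scoped to one source, one destination and one port, leaving the global `timeout udp` value untouched. It assumes a release where `set connection timeout ?` lists an `idle` keyword (it is absent from the help output quoted above); the addresses, port and object names are constructed placeholders.

```cisco
! Constructed placeholders: 192.0.2.10 (source), 198.51.100.20 (destination),
! UDP port 5000. Replace with the real flow; keep the match as narrow as possible.
access-list udp_custom_timeout extended permit udp host 192.0.2.10 host 198.51.100.20 eq 5000

class-map udp_custom_timeout
 description 20-minute idle timeout for one known UDP flow
 match access-list udp_custom_timeout

policy-map global_policy
 class udp_custom_timeout
  ! "idle" applies to any protocol, unlike the TCP-only "tcp" keyword.
  ! Assumption: this keyword is available on the running release.
  set connection timeout idle 0:20:00

! global_policy is normally already applied; this line is needed only if it is not.
service-policy global_policy global
```

Connections already in the table keep the timeout they were created with, so the new value applies only to flows built after the policy is in place.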
