cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17085
Views
5
Helpful
3
Replies

Does anyone know how to increase udp timeouts to 1 hr on asa 5505

Chris Knipe
Level 1
Level 1

Hi,

I am troubleshooting an issue with our voip guys and they are telling me that the

Best way to resolve the problem is to increase UDP NAT timeout to 1 hr.  I am not sure on how to do this to this config.  Can someone tell me what should be changed to enable this?  scrubbed config attached.

1 Accepted Solution

Accepted Solutions

svaish
Level 1
Level 1

These are the default timeout values on the ASA

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

If you want to modify this globally then you can do this

ASA3(config)# timeout udp ?

configure mode commands/options:

  0:0:0 | <0:1:0> - <1193:0:0>  Idle time after which general UDP states will

                                be closed, default is 0:02:00

  <0-0>                         Specify this value to never time out

If you want to modify the timeout values for the specific flow from a particular source to destination you can do this

To match specific traffic, you can match an access list:

hostname(config)# access list CONNS extended permit ip any 10.1.1.1 255.255.255.255

hostname(config)# class-map CONNS

hostname(config-cmap)# match access-list CONNS

hostname(config)# policy-map CONNS

hostname(config-pmap)# class CONNS

hostname(config-pmap-c)# set connection timeout UDP (here you can set the time)

Also refer to this link for clarification

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_connlimits.html#wp1080774

Sachin

View solution in original post

3 Replies 3

svaish
Level 1
Level 1

These are the default timeout values on the ASA

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

If you want to modify this globally then you can do this

ASA3(config)# timeout udp ?

configure mode commands/options:

  0:0:0 | <0:1:0> - <1193:0:0>  Idle time after which general UDP states will

                                be closed, default is 0:02:00

  <0-0>                         Specify this value to never time out

If you want to modify the timeout values for the specific flow from a particular source to destination you can do this

To match specific traffic, you can match an access list:

hostname(config)# access list CONNS extended permit ip any 10.1.1.1 255.255.255.255

hostname(config)# class-map CONNS

hostname(config-cmap)# match access-list CONNS

hostname(config)# policy-map CONNS

hostname(config-pmap)# class CONNS

hostname(config-pmap-c)# set connection timeout UDP (here you can set the time)

Also refer to this link for clarification

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_connlimits.html#wp1080774

Sachin

Thanks Sashin.  This is what I needed.

Good to know, please mark it as answerd if it is

Regards,

Sachin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: