03-06-2012 08:55 PM - edited 03-11-2019 03:39 PM
Hi,
I am troubleshooting an issue with our voip guys and they are telling me that the
Best way to resolve the problem is to increase UDP NAT timeout to 1 hr. I am not sure on how to do this to this config. Can someone tell me what should be changed to enable this? scrubbed config attached.
Solved! Go to Solution.
03-07-2012 12:09 AM
These are the default timeout values on the ASA
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
If you want to modify this globally then you can do this
ASA3(config)# timeout udp ?
configure mode commands/options:
0:0:0 | <0:1:0> - <1193:0:0> Idle time after which general UDP states will
be closed, default is 0:02:00
<0-0> Specify this value to never time out
If you want to modify the timeout values for the specific flow from a particular source to destination you can do this
To match specific traffic, you can match an access list:
hostname(config)# access list CONNS extended permit ip any 10.1.1.1 255.255.255.255
hostname(config)# class-map CONNS
hostname(config-cmap)# match access-list CONNS
hostname(config)# policy-map CONNS
hostname(config-pmap)# class CONNS
hostname(config-pmap-c)# set connection timeout UDP (here you can set the time)
Also refer to this link for clarification
Sachin
03-07-2012 12:09 AM
These are the default timeout values on the ASA
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
If you want to modify this globally then you can do this
ASA3(config)# timeout udp ?
configure mode commands/options:
0:0:0 | <0:1:0> - <1193:0:0> Idle time after which general UDP states will
be closed, default is 0:02:00
<0-0> Specify this value to never time out
If you want to modify the timeout values for the specific flow from a particular source to destination you can do this
To match specific traffic, you can match an access list:
hostname(config)# access list CONNS extended permit ip any 10.1.1.1 255.255.255.255
hostname(config)# class-map CONNS
hostname(config-cmap)# match access-list CONNS
hostname(config)# policy-map CONNS
hostname(config-pmap)# class CONNS
hostname(config-pmap-c)# set connection timeout UDP (here you can set the time)
Also refer to this link for clarification
Sachin
03-07-2012 05:18 AM
Thanks Sashin. This is what I needed.
03-07-2012 05:22 AM
Good to know, please mark it as answerd if it is
Regards,
Sachin
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: