Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

inside to outside traffiic times outs

Seem to be having an issue with a firewall I've inherited asa5520

some http downloads seem to be timing out, as well as some websites. When I bypass the ASA no problem.

also have a couple statements and I'm not sure as to why?

outside a.a.a.a

inside b.b.b.b

dmz c.c.c.c

dmz2 d.d.d.d

global (outside) 1 a.a.a.3-a.a.a.98 netmask

global (outside) 1 a.a.a.100-a.a.a.200 netmask

global (DMZ) 1 c.c.c.80-c.c.c.250 netmask

nat (inside) 1 dns

nat (DMZ) 1 c.c.c.0 dns

static (inside,outside) tcp interface 2300 b.b.b.32 2300 netmask

static (DMZ,outside) a.a.a.252 c.c.c.1 netmask

static (DMZ,outside) a.a.a.240 c.c.c.3 netmask dns

static (DMZ,outside) a.a.a.243 c.c.c.8 netmask

static (DMZ,outside) Mail IronPort_DMZ netmask

static (inside,outside) a.a.a.247 b.b.b.74 netmask

static (inside,outside) c.c.c.c b.b.b.b netmask

static (inside,outside) a.a.a.99 b.b.b.98 netmask

static (inside,DMZ) b.0.0.0 b.0.0.0 netmask

static (inside,DMZ2) b.0.0.0 b.0.0.0 netmask

access-group acl_out in interface outside

access-group acl_dmz in interface DMZ

access-group DMZ2_access_in in interface DMZ2

route outside a.a.a.1 1

route DMZ2 d.d.d.0 e.e.e.253 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:b:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:b:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute


Re: inside to outside traffiic times outs

You may try changing the uauth timeout. As a trial you may change it to "timeout uauth 01:00:00" and then try downloading. Also you may try removing the inline IPS.

CreatePlease to create content