Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

inside to outside traffiic times outs

Seem to be having an issue with a firewall I've inherited asa5520

some http downloads seem to be timing out, as well as some websites. When I bypass the ASA no problem.

also have a couple statements and I'm not sure as to why?

outside a.a.a.a

inside b.b.b.b

dmz c.c.c.c

dmz2 d.d.d.d

global (outside) 1 a.a.a.3-a.a.a.98 netmask 255.255.255.0

global (outside) 1 a.a.a.100-a.a.a.200 netmask 255.255.255.0

global (DMZ) 1 c.c.c.80-c.c.c.250 netmask 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0 dns

nat (DMZ) 1 c.c.c.0 255.255.255.0 dns

static (inside,outside) tcp interface 2300 b.b.b.32 2300 netmask 255.255.255.255

static (DMZ,outside) a.a.a.252 c.c.c.1 netmask 255.255.255.255

static (DMZ,outside) a.a.a.240 c.c.c.3 netmask 255.255.255.255 dns

static (DMZ,outside) a.a.a.243 c.c.c.8 netmask 255.255.255.255

static (DMZ,outside) Mail IronPort_DMZ netmask 255.255.255.255

static (inside,outside) a.a.a.247 b.b.b.74 netmask 255.255.255.255

static (inside,outside) c.c.c.c b.b.b.b netmask 255.255.255.255

static (inside,outside) a.a.a.99 b.b.b.98 netmask 255.255.255.255

static (inside,DMZ) b.0.0.0 b.0.0.0 netmask 255.0.0.0

static (inside,DMZ2) b.0.0.0 b.0.0.0 netmask 255.0.0.0

access-group acl_out in interface outside

access-group acl_dmz in interface DMZ

access-group DMZ2_access_in in interface DMZ2

route outside 0.0.0.0 0.0.0.0 a.a.a.1 1

route DMZ2 d.d.d.0 255.255.255.0 e.e.e.253 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:b:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:b:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

1 REPLY
Anonymous
N/A

Re: inside to outside traffiic times outs

You may try changing the uauth timeout. As a trial you may change it to "timeout uauth 01:00:00" and then try downloading. Also you may try removing the inline IPS.

111
Views
0
Helpful
1
Replies
CreatePlease to create content