This can be done multiple ways, I have chosen the global_policy because its already applied to all interfaces. Else you can create a seperate policy-map for inside interface and seperate for outside/dmz interface. The following will work for whichever server (inside or outside) initiates the connection.
access-list tcptime permit ip host 172.21.3.5 host 172.21.4.4
access-list tcptime permit ip host 172.21.4.4 host 172.21.3.5
class-map TCP
match access-list tcptime
policy-map global_policy
class TCP
set connection timeout tcp 2:0:0
please rate if the solution is helpful to you.