Cisco Support Community
New Member

Pix 8.0(4) can I set a timeout for an individual tcp service?

I am running into an issue where one of the tcp services going through my PIX running 8.0(4) sends packets AFTER the specific connection has timed out. The result is that it reports an error on a packet for a non existing connection. Is there a way for me to increase the timeout for this one specific tcp service? I know this can be done in Checkpoint Firewalls, and I am looking for an equivalent mechanism in the PIX.

Any help is appreciated.

thanks

Joerg

2 REPLIES
Cisco Employee

Re: Pix 8.0(4) can I set a timeout for an individual tcp service

Hi Joerg,

Yes, it can be done. You can use MPF to do it. Here is an example:

hostname(config)# class-map http_traffic
hostname(config-cmap)# match port tcp eq 80
hostname(config)# policy-map outside_policy
hostname(config-pmap)# class http_traffic
hostname(config-pmap-c)# set connection timeout tcp 0:10:0
hostname(config)# service-policy outside_policy interface outside

Also explained here http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mpc.html#wp1082979

I hope it helps.

PK

New Member

Re: Pix 8.0(4) can I set a timeout for an individual tcp service

Hi,

Please try the dead-connection-detection option that is newly introduced in 8.0(4) code.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s1.html#wp1396112

Hope this helps!

Thanks,

Manish

Cisco TAC
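
The two suggestions above combined, as an added example that is not part of either reply and not Cisco's own configuration: an access list scopes the longer idle timeout and dead connection detection to one server and port, so other traffic keeps the global timeout. The ACL and class names, the address 192.0.2.10, port 1521 and the timer values are assumptions chosen for illustration.

```cisco
! Constructed example: 192.0.2.10 and TCP/1521 stand in for the one service
! that needs a longer idle timeout. Names and timer values are assumptions.
access-list LONG_IDLE_APP extended permit tcp any host 192.0.2.10 eq 1521
!
class-map long_idle_app
 match access-list LONG_IDLE_APP
!
policy-map outside_policy
 class long_idle_app
  ! Raise the idle timeout for this class only; the global timeout is untouched.
  set connection timeout tcp 4:00:00
  ! Dead connection detection: when the idle timer expires, probe both end
  ! hosts instead of dropping the entry. If both answer, the timer resets;
  ! otherwise the connection is removed. Retry every 15 seconds, 5 times.
  set connection timeout dcd 0:00:15 5
!
service-policy outside_policy interface outside
!
! Verification from privileged EXEC:
!   show running-config policy-map
!   show service-policy interface outside
!   show conn detail
```

Only one service policy can be applied per interface, so if a policy map is already attached to the outside interface, add the class to that policy map instead of creating a second one.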
