
timeout problem with asa5520 v7.2

Greetings,

My servers behind the ASA5520 inside interface seem to have a problem with timeouts.

All the sessions from the internet to the inside servers seem to be cut off if the user stays idle for more than 30 mins.

However, the subnet which I did configure the box has no such problems.

Could anyone advise me if the ASA5520 can control the session timeout?

Any comments will be appreciated.

Thanks in advance


Accepted Solutions

Re: timeout problem with asa5520 v7.2

Yes, the ASA controls the session timeout; otherwise, if a host on the internet just leaves the connection (without an RST or FIN), it would stay active in the ASA endlessly.

You must use a feature in the ASA that verifies the connection by sending packets to both hosts with spoofed information, to see if they respond to that connection.

In the link:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html

look for "DCD"

You should use the "timeout tcp" option, with a timeout lower than 30 minutes.
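An added configuration sketch of the reply's suggestion, not part of the original post: DCD applied through the Modular Policy Framework with `set connection timeout`. The object names, the `outside` interface name and the 192.0.2.0/24 server subnet are assumptions made for illustration; check the keyword order against the 7.2 command reference linked above before applying it.

```text
! Added example, not from the original thread.
! Assumed names: INSIDE_SERVERS_TCP, IDLE_SERVERS, OUTSIDE_IN_POLICY.
! Assumed server subnet: 192.0.2.0/24 (documentation range, constructed).

! Match TCP sessions from the internet to the inside servers
access-list INSIDE_SERVERS_TCP extended permit tcp any 192.0.2.0 255.255.255.0

class-map IDLE_SERVERS
 match access-list INSIDE_SERVERS_TCP

policy-map OUTSIDE_IN_POLICY
 class IDLE_SERVERS
  ! Idle timer of 25 minutes, i.e. lower than 30 minutes as the reply suggests.
  ! With dcd, when the idle timer expires the ASA probes both endpoints:
  ! if both answer, the connection is kept and the timer restarts;
  ! if an endpoint stays silent after the retries, the connection is removed.
  ! 0:00:15 is the retry interval, 5 is the maximum number of retries.
  set connection timeout tcp 0:25:00 dcd 0:00:15 5

! Only one policy-map can be attached per interface. If the outside interface
! already has one, add the class above to that policy-map instead.
service-policy OUTSIDE_IN_POLICY interface outside
```

`show service-policy` and `show conn` can then be used to confirm that the class is matching traffic and that idle sessions to the servers are still present.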
