We have recently installed FWSM into a 6509 chassis. Placed several VLANs (with servers attached) behind FWSM with NO restrictions. PING OK but next day when users start using the Server Apps they report interruptions to the Servers. We are thinking that this may be a "keepalive" issue on the Servers. Has anyone had this issue? Any ideas on how to address this problem? Thanks Mucho!
It's not clear to me from your description what the problem is. If you're saying that existing connections appear hung after some period of inactivity (rather than being unable to make new connections), then the problem is probably that your applications (tcp-based) don't use keepalives by default (telnet is an example of this). The default timeout for idle connections is 1 hour, and if you're not using keepalives, the existing connection will not respond after being idle that long (although new connections will be permitted).
There are 2 approaches to fix this ... you can configure the servers to use keepalives (exactly how you do this will vary from application to application and depend on your server operating system), or you can use a policy map to identify the applications that are timing out, and a service policy to reset the idle timeout for these applications.
The latter would look something like this:
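! ACL that identifies the traffic whose idle timeout should change
access-list 101 permit tcp any any eq telnet
! class map matching that ACL (the name telnet-class is a placeholder)
class-map telnet-class
 description telnet traffic
 match access-list 101
! policy map applying the longer idle timeout to the matched class
policy-map telnet
 class telnet-class
  set connection timeout tcp 10:00:00 reset
service-policy telnet interface outside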
This will set the timeout to 10 hours (I don't know what the maximum is), and cause any applications that do time out to close (reset), rather than hang around looking viable but unresponsive on the client side.
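For the first approach in the reply above (keepalives on the server side), here is an added example that is not part of the original posts: it enables TCP keepalives on a single socket and sets the first-probe timer below the 1-hour idle timeout. The function names, the half-timeout margin and the 30-second probe interval are assumptions chosen for illustration; the 7200-second figure is the Linux default for tcp_keepalive_time.

```python
import socket

FIREWALL_IDLE_TIMEOUT_S = 3600          # default idle timeout given in the reply (1 hour)
LINUX_DEFAULT_KEEPALIVE_IDLE_S = 7200   # Linux default tcp_keepalive_time (2 hours)


def first_probe_beats_firewall(idle_s, firewall_idle_s=FIREWALL_IDLE_TIMEOUT_S):
    """True if the first keepalive probe is sent before the firewall drops the idle flow."""
    return idle_s < firewall_idle_s


def keepalive_plan(firewall_idle_s=FIREWALL_IDLE_TIMEOUT_S, interval_s=30, probes=4):
    """Choose timers so the first probe fires at half the firewall idle timeout
    (the one-half margin is an assumption, not a value from the thread)."""
    if firewall_idle_s < 4:
        raise ValueError("firewall idle timeout too short to plan keepalives")
    idle_s = firewall_idle_s // 2
    return {"idle": idle_s,
            "interval": min(interval_s, max(1, idle_s // 2)),
            "probes": probes}


def enable_keepalive(sock, plan):
    """Enable keepalives on one socket and set per-socket timers where the
    platform exposes them. Returns the option names that were applied, so the
    caller can tell when only the OS-wide default timers are in effect."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = ["SO_KEEPALIVE"]
    # Linux names the idle timer TCP_KEEPIDLE; macOS uses TCP_KEEPALIVE instead.
    idle_name = "TCP_KEEPIDLE" if hasattr(socket, "TCP_KEEPIDLE") else "TCP_KEEPALIVE"
    for name, value in ((idle_name, plan["idle"]),
                        ("TCP_KEEPINTVL", plan["interval"]),
                        ("TCP_KEEPCNT", plan["probes"])):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
            applied.append(name)
    return applied


if __name__ == "__main__":
    plan = keepalive_plan()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("applied:", enable_keepalive(s, plan), "plan:", plan)
    # SO_KEEPALIVE alone is not enough with the Linux default idle timer:
    print("OS default survives firewall:",
          first_probe_beats_firewall(LINUX_DEFAULT_KEEPALIVE_IDLE_S))
```

If the returned list contains only SO_KEEPALIVE, the per-socket timers were not set and the operating system's global keepalive timer has to be lowered instead.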