Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
372
Views
0
Helpful
2
Replies

PIX access connection reset

James Lasky
Level 1
Level 1

‎10-03-2006 06:51 AM - edited ‎02-21-2020 01:12 AM

Hi

when I connect via Telnet/Ssh my PIX-506E (6.3(5)) after an indeterminate time I'm logged-out for connection reset.

Pinging the PIX interface no packet is lost and this is definitly not a network problem.

Does anybody experienced this kind of problem ?

follows the very simple PIX config.

Tks

ric

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet0 vlan46 logical

interface ethernet0 vlan92 logical

interface ethernet1 auto

nameif ethernet0 trunklink security0

nameif ethernet1 inside security100

nameif vlan46 intf2 security4

nameif vlan92 intf3 security6

enable password xxx

passwd xxx

hostname DITpix02

domain-name t-systems.it

clock timezone WAT 1

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

logging on

logging console debugging

icmp permit any inside

mtu trunklink 1500

mtu inside 1500

ip address trunklink 217.172.66.88 255.255.255.224

ip address inside 192.168.252.132 255.255.255.240

ip address intf2 192.168.252.146 255.255.255.248

no ip address intf3

ip audit info action alarm

ip audit attack action alarm

pdm location 192.168.252.0 255.255.255.240 inside

pdm location 192.168.252.0 255.255.255.0 inside

pdm location 192.168.0.0 255.255.0.0 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (trunklink) 1 interface

access-group inside-in in interface inside

access-group intf2-in in interface intf2

route trunklink 0.0.0.0 0.0.0.0 217.172.66.94 1

route inside 192.168.0.0 255.255.0.0 192.168.252.131 1

route inside 217.172.28.0 255.255.0.0 192.168.252.131 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

telnet 192.168.252.128 255.255.255.240 inside

telnet 217.172.28.0 255.255.255.0 inside

telnet timeout 30

ssh 217.172.28.0 255.255.255.0 inside

ssh timeout 5

console timeout 0

dhcpd lease 3600

dhcpd ping_timeout 750

terminal width 80

Cryptochecksum:xxx

: end

0 Helpful
2 Replies 2

Patrick Iseli
Level 7
Level 7

‎10-03-2006 07:40 AM

You have configured :

telnet timeout 30 = 30 minutes timeout

ssh timeout 5 = 5 minutes timeout

change this to 0 = to disable timeout on telnet and ssh or set a longer time.

sincerely

Patrick

0 Helpful

James Lasky
Level 1
Level 1
In response to Patrick Iseli

‎10-09-2006 02:18 AM

thks patrick

but this is not the problem, since I get the disconnection after 50 sec...

and anyway is not possible anymore disable the timout...

I put it to 60 mins and nothing changed.

Greetings

Ric

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card