I've come across a problem w/ a home-grown application on a DMZ opening a connection to an internal SQL server through a PIX. The app seems to want to open a connection and keep it open forever. The PIX, as per default, drops the connection after an hour. In response to irate developers we've upped the timeout value to 3 hrs, hoping that at least some traffic would flow through that socket within that time-period.
Has anyone else come across a similar problem? Have you any other thoughts on settings that could be changed? We'd like to limit the timeout value somewhat and are pushing the developers to write in some type of keep-alive transaction (slim chance).
Until you get your application fixed, you'll have to keep that timeout value up there. The only problem is, this eats away at other PIX resources. 3 hours shouldn't be too bad, more might be... depending on your network and usual load.
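An added example, not part of the thread: one way an application can keep an idle connection alive under a firewall idle timeout is OS-level TCP keep-alive with a per-socket idle time shorter than that timeout. The function names, the 50% margin and the probe interval are hypothetical choices, Python stands in for the unknown language of the application, and it is assumed that the firewall counts keep-alive probes as traffic on the connection.

```python
import socket

PIX_DEFAULT_IDLE_S = 3600        # one-hour drop described in the thread
LINUX_DEFAULT_KEEPIDLE_S = 7200  # Linux default for net.ipv4.tcp_keepalive_time


def keepalive_plan(firewall_idle_s, margin=0.5, interval_s=30, probes=4):
    """Return (idle, interval, probes) so the first probe is sent well
    before the firewall's idle timer expires (margin is an assumed choice)."""
    if firewall_idle_s <= 0:
        raise ValueError("firewall idle timeout must be positive")
    idle = max(1, int(firewall_idle_s * margin))
    return idle, interval_s, probes


def survives(keepidle_s, firewall_idle_s):
    """True if the first keep-alive probe goes out before the firewall
    would drop the idle connection."""
    return keepidle_s < firewall_idle_s


def enable_keepalive(sock, firewall_idle_s):
    """Turn on TCP keep-alive and override the OS-wide timers for this
    socket only. Returns the (idle, interval, probes) values requested."""
    idle, interval, probes = keepalive_plan(firewall_idle_s)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # These constants are platform dependent; skip any that are missing
    # (the OS-wide defaults then apply and should be checked separately).
    for name, value in (("TCP_KEEPIDLE", idle),
                        ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
    return idle, interval, probes


if __name__ == "__main__":
    # SO_KEEPALIVE alone, with the Linux default timer, probes too late
    # for a one-hour firewall timeout but in time for a three-hour one.
    print("default timer vs 1 h:", survives(LINUX_DEFAULT_KEEPIDLE_S, PIX_DEFAULT_IDLE_S))
    print("default timer vs 3 h:", survives(LINUX_DEFAULT_KEEPIDLE_S, 3 * 3600))
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print("per-socket plan:", enable_keepalive(s, PIX_DEFAULT_IDLE_S))
    s.close()
```

With the per-socket idle time set this way, the firewall timeout can return to its default instead of being raised to cover the application's longest quiet period.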