uauth on Pix

Hi, a couple of questions here. Firstly, I understand the uauth settings on the PIX are as follows:

timeout uauth - 5 mins - Sets the duration before the authentication and authorization cache times out and the user has to re-authenticate the next connection.

timeout xlate - 3 hours - Specifies the idle time until a translation slot is freed; the minimum value is one minute.

timeout conn - 1 hour - Specifies the idle time after which a connection closes; the minimum duration is five minutes.

Just wanting to get my head around some things:

1. If the timeout uauth is set to 5 mins, just what does this mean? Does it mean that if I authenticate and start an RDP session to host A, then that session is OK until I disconnect in a couple of hours, but if I try to start another connection to host B after that first 5 minutes I then have to re-auth first to get that new connection to B going?

2. What conditions cause the need for a re-auth first (e.g. loss of all connections, conn timer expired, xlate timer expired or auth timer expired, etc.)? I would have thought the disconnection of a session would trigger the timeout conn of one hour, so if I disconnected, then came back 55 minutes later, I could still get to that session I previously had open.

Thanks in advance.


Re: uauth on Pix

The timer uauth command has two options: absolute and inactivity. The absolute timer expires every 5 mins and you will have to re-authenticate every 5 mins. If you enable the inactivity timer, then you will have to re-authenticate only if the connection is left inactive for 5 mins.

The following link explains the different options for this command:

