Cisco Support Community
Community Member

What is the default timeout value for PIX to terminate an idle TCP connecti

What is the default timeout value for PIX to terminate an idle TCP connection? Is it 15 minutes? I vaguely recall it is 15 minutes.

5 REPLIES
Purple

Re: What is the default timeout value for PIX to terminate an id

I believe the TCP connection slot is freed up 60 seconds after the TCP connection is closed.

Hope that helps - pls rate the post if it does.

Paresh

Community Member

Re: What is the default timeout value for PIX to terminate an id

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/tz.htm#wp1026093

Usage Guidelines

The timeout command sets the idle time for connection, translation UDP, RPC, and H.323 slots. If the slot has not been used for the idle time specified, the resource is returned to the free pool. TCP connection slots are freed approximately 60 seconds after a normal connection close sequence.

pixfirewall# sh timeout

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

Community Member

Re: What is the default timeout value for PIX to terminate an id

The TCP connection is still active between a Server and Client but no traffic is being passed - what happens then? Does the PIX close the connection after a certain time interval of no traffic?

Community Member

Re: What is the default timeout value for PIX to terminate an id

I think in this case the PIX is going to keep that connection up, by default for 1 hour. It will close that connection to free up memory.

Remember: PIX is a stateful firewall. It maintains a history of traffic passed through and keeps track of TCP sequences, SYN, SYN/ACK, ACK, etc. It will recognize a FIN when the connection terminates gracefully and close a connection.

check out these commands:

show xlate

show conn detail

Community Member

Re: What is the default timeout value for PIX to terminate an id

By default it's an hour, but issue a 'show timeout' command to see what your PIX is set to.
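An added example, not part of any reply in this thread: a small parser for the `show timeout` output quoted above that converts each timer to seconds and flags timers that would expire before an application keepalive is sent. The function names and the keepalive values used with it are assumptions for illustration; the sample text is the output pasted earlier in the thread.

```python
import re

# Sample input: the `show timeout` output quoted earlier in this thread.
SAMPLE = """\
pixfirewall# sh timeout
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
"""

_HMS = re.compile(r"^(\d+):(\d{2}):(\d{2})$")


def parse_show_timeout(text):
    """Return {timer_name: idle_seconds} parsed from `show timeout` output."""
    timers = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "timeout":
            continue  # skip the prompt/command echo and blank lines
        name = None
        for tok in tokens[1:]:
            m = _HMS.match(tok)
            if m and name is not None:
                h, mi, s = map(int, m.groups())
                timers[name] = h * 3600 + mi * 60 + s
                name = None
            elif not m:
                name = tok  # keyword that names the next h:mm:ss value
        # a trailing modifier with no value (e.g. "absolute") is dropped here
    return timers


def keepalive_gaps(timers, keepalive_s, names=("conn",)):
    """Timers that expire at or before a keepalive interval of keepalive_s seconds."""
    return {n: timers[n] for n in names
            if n in timers and timers[n] <= keepalive_s}


if __name__ == "__main__":
    t = parse_show_timeout(SAMPLE)
    print("conn idle timeout (s):", t["conn"])
    # 7200 s is an assumed host keepalive interval for this illustration.
    print("expires before keepalive:", keepalive_gaps(t, 7200))
```

With the quoted output, an otherwise silent TCP session whose endpoints only send a keepalive every 7200 seconds would hit the 1:00:00 `conn` timer first; a 900-second keepalive would not.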
