I've been having a devil of a time getting exec-timeout to clear idle vty/ssh sessions. This investigation started when we were rolling out new Catalyst 4507R+E switches with Sup7L-E's under IOS XE 03.04.02.SG (what they shipped from the factory with.) Idle SSH sessions on the vty lines were not being cleared, despite the config being:
line vty 0 4 access-class VTY_ACL in exec-timeout 30 0 logging synchronous length 0 transport input ssh
So I opened a TAC case, and eventually they referred to bug CSCug31122. This wasn't terribly satisfying, as we are not talking about new or revolutionary functionality, and a general distribution release on a mature platform. Clearing an idle session does not require the most sophisticated programmer at Cisco. But this led me to do more tests, and I have yet to find a hardware/IOS combination where this works correctly. So far I have failures for:
4507R+E/Sup7L-E/IOS XE 03.04.02.SG, both vty and console lines
3560/12.2(40)SE, vty lines with ssh
3750/12.2(44)SE6, vty lines with both telnet and ssh
This seems more than coincidence. Is there something I am missing, or is this an unusually complicated programming issue?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...