https://community.cisco.com/t5/network-security/udp-timeout-asa/m-p/1837897#M460331 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>1-There is no need for a connection to be idle in order to be closed, I mean there are other facts that will turn the connection down, also remember that the ASAS can statefully inspect TCP/UDP (by default)&nbsp; and ICMP if configured.</P><P></P><P>2-Yes, they appear there.</P><P></P><P>3-Correct, if you have a timeout 0 0 that will cause some issues ( No ports available if PAT is being used,etc) as none of the connections are being closed.</P><P></P><P>Regards,</P><P></P><P>Julio</P><P></P><P>Do rate helpful posts!!</P></BODY></HTML> Wed, 01 Feb 2012 05:29:02 GMT Julio Carvajal 2012-02-01T05:29:02Z https://community.cisco.com/t5/network-security/udp-timeout-asa/m-p/1837896#M460330 <P>Hi all, just have a few questions about UDP timeout.</P><P></P><P>1. From what I understand connectionless protocols such as UDP have to idle out to be closed, as their is no connection information, is this correct?</P><P> 2. Do these connections appear in the connection/State table?&nbsp; </P><P>3. If you disable the UDP timeout on the firewall, doesnt this mean that the UDP sessions could fill up the state table as no of the connections woulf time out?</P> Mon, 11 Mar 2019 22:21:45 GMT https://community.cisco.com/t5/network-security/udp-timeout-asa/m-p/1837896#M460330 networker99 2019-03-11T22:21:45Z https://community.cisco.com/t5/network-security/udp-timeout-asa/m-p/1837897#M460331 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>1-There is no need for a connection to be idle in order to be closed, I mean there are other facts that will turn the connection down, also remember that the ASAS can statefully inspect TCP/UDP (by default)&nbsp; and ICMP if configured.</P><P></P><P>2-Yes, they appear there.</P><P></P><P>3-Correct, if you have a timeout 0 0 that will cause some issues ( No ports available if PAT is being used,etc) as none of the connections are being closed.</P><P></P><P>Regards,</P><P></P><P>Julio</P><P></P><P>Do rate helpful posts!!</P></BODY></HTML> Wed, 01 Feb 2012 05:29:02 GMT https://community.cisco.com/t5/network-security/udp-timeout-asa/m-p/1837897#M460331 Julio Carvajal 2012-02-01T05:29:02Z https://community.cisco.com/t5/network-security/udp-timeout-asa/m-p/1837898#M460333 <HTML><HEAD></HEAD><BODY><P><EM>"There is no need for a connection to be idle in order to be closed, I&nbsp; mean there are other facts that will turn the connection down,"</EM></P><P></P><P>Like what?&nbsp; There is no state information so how does the firewall know the connection is done with?</P></BODY></HTML> Wed, 01 Feb 2012 13:07:49 GMT https://community.cisco.com/t5/network-security/udp-timeout-asa/m-p/1837898#M460333 networker99 2012-02-01T13:07:49Z https://community.cisco.com/t5/network-security/udp-timeout-asa/m-p/1837899#M460334 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I think I did not explain my self on the last post I was talking about the behavior of the ASA with a stateful protocol, with the protocol udp the stateful firewall will use the <STRONG style="color: #000000; font-family: sans-serif; line-height: 19px; text-align: -webkit-auto; background-color: #ffffff;">hole punching as the </STRONG><STRONG style="color: #000000; font-family: sans-serif; line-height: 19px; text-align: -webkit-auto; background-color: #ffffff;">method to detect or keep track of the connection.</STRONG></P><P>Such sessions usually get the ESTABLISHED state immediately after the first packet is seen by the firewal</P><P>Sessions in connectionless protocols (like UDP) can only end by time-out.</P><P></P><P>But the ASA do keep track of these connections as I mention before.</P><P><STRONG style="color: #000000; font-family: sans-serif; line-height: 19px; text-align: -webkit-auto; background-color: #ffffff;"><BR /></STRONG></P><P>Hope this helps!</P><P></P><P>Julio</P></BODY></HTML> Wed, 01 Feb 2012 14:25:21 GMT https://community.cisco.com/t5/network-security/udp-timeout-asa/m-p/1837899#M460334 Julio Carvajal 2012-02-01T14:25:21Z