https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774529#M533951 <HTML><HEAD></HEAD><BODY><P>Please upload the file using "advanced editor" on top right. </P></BODY></HTML> Tue, 09 Aug 2011 15:40:08 GMT csaxena 2011-08-09T15:40:08Z https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774526#M533942 <P>A few weeks ago, I replaced a PIX 515E with a pair of ASA 5520's.&nbsp;&nbsp;&nbsp; We have a few basic web applications behind the ASA's.&nbsp;&nbsp; Nothing complex;&nbsp; just port 80/443 traffic.&nbsp;&nbsp;&nbsp; During the swap, we basically just copied the config from the PIX to the ASA.&nbsp;&nbsp; So the config is virtually identical.</P><P></P><P>Since the swap, we have one small set of users who gets timed out when trying to get to the application.&nbsp;&nbsp;&nbsp; This small set of users are scattered across the state of Alaska, and they are all accessing the Internet via a satellite connection.&nbsp;&nbsp; All other users across North America can access the application just fine.&nbsp;&nbsp; </P><P></P><P>Since the satellite connections are relatively slow, but they worked fine when going through the PIX, I suspect the issue is a difference in the default TTL (or similar parameter) between the PIX and the ASA.</P><P></P><P>Does anyone know what this paramter would be.&nbsp; I've been scratching my head for days on this.</P><P></P><P>Thanks!</P> Mon, 11 Mar 2019 21:09:21 GMT https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774526#M533942 david_opalenik 2019-03-11T21:09:21Z https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774527#M533945 <HTML><HEAD></HEAD><BODY><P>Hello David, </P><P></P><P>Please share the outputs of "show run timeout" and "sho conn details" and what version of ASA are you using ?</P><P></P><P>- Chirag</P></BODY></HTML> Tue, 09 Aug 2011 15:28:01 GMT https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774527#M533945 csaxena 2011-08-09T15:28:01Z https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774528#M533949 <HTML><HEAD></HEAD><BODY><P>Cisco Adaptive Security Appliance Software Version 8.0(4)</P><P></P><P></P><P>SPRO-ASA# show runn timeout</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P></P><P></P><P>The output of "sho conn detail" is many pages long.&nbsp;&nbsp; Should I filter output on </P><P>something to make it more helpful?&nbsp;&nbsp; What specifically should I look for in the </P><P>output of "show conn detail"?</P><P></P><P>Thanks!</P></BODY></HTML> Tue, 09 Aug 2011 15:34:44 GMT https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774528#M533949 david_opalenik 2011-08-09T15:34:44Z https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774529#M533951 <HTML><HEAD></HEAD><BODY><P>Please upload the file using "advanced editor" on top right. </P></BODY></HTML> Tue, 09 Aug 2011 15:40:08 GMT https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774529#M533951 csaxena 2011-08-09T15:40:08Z https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774530#M533953 <HTML><HEAD></HEAD><BODY><P>Output of "show conn detail" was uploaded.</P></BODY></HTML> Tue, 09 Aug 2011 15:50:46 GMT https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774530#M533953 david_opalenik 2011-08-09T15:50:46Z https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774531#M533956 <HTML><HEAD></HEAD><BODY><P>Hi David,</P><P></P><P>Do you have a set of IP addresses facing this issue? You could try increasing the idle timeout for TCP connections using the <STRONG>timeout conn</STRONG> command though i find it highly improbably that the connections fomr the Alaska users is idle for 1 hour.</P><P></P><P>How long does the connection work before they start timing out?</P><P></P><P>Regards,</P><P>Prapanch</P></BODY></HTML> Tue, 23 Aug 2011 18:59:55 GMT https://community.cisco.com/t5/network-security/asa-vs-pix-timeout/m-p/1774531#M533956 praprama 2011-08-23T18:59:55Z