https://community.cisco.com/t5/network-security/ip-inspect-increase-timeout-on-tcp-port/m-p/1153600#M876761 <P>I have a 2811 router with IP Inspect enable for Ingress traffic but it is quite generic:</P><P></P><P>ip inspect name firewall tcp</P><P>ip inspect name firewall udp</P><P>ip inspect name firewall icmp</P><P>ip inspect name firewall dns</P><P></P><P>int Serial1/1</P><P>ip inspect firewall out</P><P></P><P> Inspection name firewall</P><P> tcp alert is on audit-trail is off timeout 3600</P><P> udp alert is on audit-trail is off timeout 30</P><P> icmp alert is on audit-trail is off timeout 10</P><P> dns alert is on audit-trail is off timeout 30</P><P></P><P></P><P>I have an application that connects outbound that keeps timing out. It uses a specific TCP port. I'd like to increase this TCP port's timeout period, but keep the other TCP ports at the default.</P><P></P><P>Is this possible?</P><P></P><P>Router(config)#ip inspect name firewall tcp ? </P><P> alert Turn on/off alert</P><P> audit-trail Turn on/off audit trail</P><P> router-traffic Enable inspection of sessions to/from the router</P><P> timeout Specify the inactivity timeout time</P><P> &lt;cr&gt;</P><P></P><P></P> Mon, 11 Mar 2019 14:47:12 GMT mdcarey15 2019-03-11T14:47:12Z https://community.cisco.com/t5/network-security/ip-inspect-increase-timeout-on-tcp-port/m-p/1153600#M876761 <P>I have a 2811 router with IP Inspect enable for Ingress traffic but it is quite generic:</P><P></P><P>ip inspect name firewall tcp</P><P>ip inspect name firewall udp</P><P>ip inspect name firewall icmp</P><P>ip inspect name firewall dns</P><P></P><P>int Serial1/1</P><P>ip inspect firewall out</P><P></P><P> Inspection name firewall</P><P> tcp alert is on audit-trail is off timeout 3600</P><P> udp alert is on audit-trail is off timeout 30</P><P> icmp alert is on audit-trail is off timeout 10</P><P> dns alert is on audit-trail is off timeout 30</P><P></P><P></P><P>I have an application that connects outbound that keeps timing out. It uses a specific TCP port. I'd like to increase this TCP port's timeout period, but keep the other TCP ports at the default.</P><P></P><P>Is this possible?</P><P></P><P>Router(config)#ip inspect name firewall tcp ? </P><P> alert Turn on/off alert</P><P> audit-trail Turn on/off audit trail</P><P> router-traffic Enable inspection of sessions to/from the router</P><P> timeout Specify the inactivity timeout time</P><P> &lt;cr&gt;</P><P></P><P></P> Mon, 11 Mar 2019 14:47:12 GMT https://community.cisco.com/t5/network-security/ip-inspect-increase-timeout-on-tcp-port/m-p/1153600#M876761 mdcarey15 2019-03-11T14:47:12Z https://community.cisco.com/t5/network-security/ip-inspect-increase-timeout-on-tcp-port/m-p/1153601#M876762 <HTML><HEAD></HEAD><BODY><P>This is the syntax for CBAC. </P><P>ip inspect name inspection-name protocol [timeoutseconds]</P><P></P><P>ip inspect one-minute high</P><P>ip inspect max-incomplete high</P><P>ip inspect tcp max-incomplete host</P></BODY></HTML> Thu, 12 Feb 2009 14:38:40 GMT https://community.cisco.com/t5/network-security/ip-inspect-increase-timeout-on-tcp-port/m-p/1153601#M876762 owillins 2009-02-12T14:38:40Z https://community.cisco.com/t5/network-security/ip-inspect-increase-timeout-on-tcp-port/m-p/1153602#M876763 <HTML><HEAD></HEAD><BODY><P>It looks like I can only do that command for specific protocols though, not for a TCP or UDP port not already defined (like H323), or the entire TCP or UDP port realm.</P></BODY></HTML> Thu, 12 Feb 2009 15:22:27 GMT https://community.cisco.com/t5/network-security/ip-inspect-increase-timeout-on-tcp-port/m-p/1153602#M876763 mdcarey15 2009-02-12T15:22:27Z