Hello,
After reading a few post about this, I've been trying to test the procedure.
I configured an ACL for a test workstation, connecting to a RServer, simple by going through the ACE, and tried to change the idle_timeout, but can't seem to put it to work.
What I did:
access-list ACL_TCP_IDLE line 8 extended permit tcp host 172.26.112.193 any
access-list ACL_TCP_IDLE line 9 extended permit tcp any host 172.26.112.193 (for test purposes)
parameter-map type connection TCP_IDLE
set timeout inactivity 15
class-map match-all TCP_IDLE_CLASS
2 match access-list ACL_TCP_IDLE
After this, I tried putting the class into the existing policy, and also tried applying the service policy to the VLAN. Both don't seem to work.
Test 1:
policy-map multi-match server-policy
class .....
class TCP_IDLE_CLASS
connection advanced-options TCP_IDLE
Test 2:
policy-map multi-match TCP_CONN
class TCP_IDLE_CLASS
connection advanced-options TCP_IDLE
int VLAN Servers
service-policy input TCP_CONN
What seems stange is than looking to the ACL, it seems not to be active, and there are no hits:
access-list:ACL_TCP_IDLE, elements: 2, status: NOT-ACTIVE
remark :
access-list ACL_TCP_IDLE line 8 extended permit tcp host 172.26.112.193 any
access-list ACL_TCP_IDLE line 9 extended permit tcp any host 172.26.112.193
Has anyone done something like this ?