Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5882
Views
4
Helpful
6
Replies

Default https inactivity connection timeout

arun.mohan
Level 1
Level 1

‎03-29-2012 10:35 PM

Hi,

Below are default inactivity connection time out for A3(1.0) So by defult any tcp connection(http or https) will be timed out in an hour.

The defaults are as follows:

ICMP—2 seconds

TCP—3600 seconds (1 hour)

UDP—120 seconds (2 minutes)

as per http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/tcpipnrm.html

Was this change in the A4(2.0) code or is it still the same? I heard a TAC engg say that default inactivity timeout for http and https are now 5 mins that is 300 seconds.

Labels:
0 Helpful
6 Replies 6

rodrguti_2
Level 1
Level 1

‎04-06-2012 09:13 PM

Hello Arun,

The 3600 seconds for TCP apply just for TCP ports different than https and http, you can see that while you are configuring the parameter map in the description, but please take a look at the command reference:

http://www.cisco.com/en/US/partner/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/parammap.html#wp1103747

This has been like this since the initial codes.

So it does apply for A4(2.0) and all other codes, including the old ones.

HTH

Rodrigo.

0 Helpful

arun.mohan
Level 1
Level 1
In response to rodrguti_2

‎04-07-2012 02:50 AM

Thanks Rodrigo. So what is the default timeout for http and https connections via ACE?

merci,

arun

0 Helpful

rodrguti_2
Level 1
Level 1
In response to arun.mohan

‎04-07-2012 11:34 AM

Hi Arun,

The default timeout for HTTP and HTTPS is 300 seconds.

Regards,

Rodrigo

0 Helpful

t_songtong
Level 1
Level 1
In response to rodrguti_2

‎02-25-2015 12:27 AM

Hi Rodrigo,

    Can we change the timeout of HTTP & HTTPS? As the CLI just allows only TCP (change 3600 to other value). If it can't be changed, all HTTP/HTTPS will have to live with 5 minutes timeout. Could you please advise?

 

Regards,

Thanawoot

0 Helpful

t_songtong
Level 1
Level 1
In response to t_songtong

‎02-26-2015 12:09 AM

Ok, I tried to "set timeout inactivity 1000", no more HTTP/HTTPS in the output of show parameter. I understand that when set timeout inactivity, the ACE treats all TCP timeout with a new setting value, and no more special setting for HTTP/HTTPS.

0 Helpful

Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to t_songtong

‎02-26-2015 07:52 AM

Hi,

Yes you are right. But you can apply the parameter map to appropriate class map so that it only applies to the traffic you want it to.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card