cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2853
Views
0
Helpful
1
Replies

question of ace tcp idle-timeout tunning.

syjeon
Level 1
Level 1

first of all, please check the tcp-idle time out tunning.

parameter-map type connection TCP_Timer_24h

  set timeout inactivity 86400

class-map match-all NET1

  2 match access-list net1

policy-map multi-match Outbound_TCP

  class NET1

    connection advanced-options TCP_Timer_24h

interface vlan 162

  description [Channel_AP_server_vlan]

  access-group input everyone

  access-group output everyone

  service-policy input remote_mgmt_allow

  service-policy input Outbound_TCP

sh conn detail

(omit)

20422     1  out TCP   162  xxx.xxx.xxx.xxx:20763  xxx.xxx.xxx.xxx:5105  ESTAB

          [ conn in reuse pool : FALSE]

          [ idle time   : 88:17:16,   byte count  : 0          ]

          [ elapsed time: 88:17:16,   packet count: 0          ]

regarding the configuration, We had configured the tcp-idle timeout to 24 hour on specific network.(refer xxx.xxx.xxx.xxx)

but when we enter show conn detail that network, the idle time was showen like above. 88 Hour.

if the session is try connection to the sever over 24 hour, ace didn't disconnct that connection, although 24 hour over?

1 Reply 1

Roble Mumin
Level 3
Level 3

In my setup i have applied the TCP parameter map global. If you apply it to an interface an bind an access list to an interface the traffic originating from the other Vlan might not be included in the parameter map. That could be a possible issue but i am not sure though.

The TCP sessions get their idle timeout adjusted after you have applied the parameter map. So if you already have established connections they will still have the old values. Clear the connections, apply the parameter map and then have a look at the regarding connections again.

Roble

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: