Cisco ASA kills idle sessions

Hi everyone,

I just got into a strange situation here. I've got an ASA 5516-x with Software Version 9.9(2)36.

We have some services which are connecting from the DMZ site to the LAN site via 1521 (sqlnet) to an Oracle database. Sometimes, when there is no traffic, the session is just disconnected; however, when you roll in the same service in the LAN segment only, it stays connected.

My question is: does the ASA have some policy to disconnect idle sessions and clear the session table, and if yes, is there a possibility to tweak that for a longer time or exclude this specific traffic at all?

Thank you in advance!

Accepted Solutions
VIP Advocate

Re: Cisco ASA kills idle sessions

Yes, the ASA has connection idle timeouts for different protocols. You can change this as well:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/configuration/firewall/asa-99-firewall-config/conns-connlimits.html

Default timeout for TCP is 1 hour.

Beginner

Re: Cisco ASA kills idle sessions

Hello, Rahul.

Really appreciate the help. I created a class map, which I applied to a policy map and applied to the LAN interface, with unlimited conn and unlimited half-close for sqlnet traffic, for ingress traffic for that specific service. Seems to be working like a charm.

Regards,

Olim
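
The kind of class map / policy map configuration described in the last reply, written out as an added example (it is not the poster's actual configuration). The addresses are documentation-range placeholders, and the object names and the interface name `LAN` are assumptions.

```text
! Added example. Constructed values: the two host addresses, all object
! names, and the nameif "LAN" are placeholders, not taken from the thread.

! 1. Match only the one service's SQL*Net flow (DMZ host -> database, TCP/1521),
!    so every other connection keeps the default idle timeout.
access-list SQLNET_LONG_IDLE extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 1521

class-map SQLNET_LONG_IDLE_CM
 match access-list SQLNET_LONG_IDLE

! 2. Per-class connection timeouts. A value of 0:00:00 means the
!    connection never times out (idle and half-closed, as in the reply).
policy-map LAN_CONN_POLICY
 class SQLNET_LONG_IDLE_CM
  set connection timeout idle 0:00:00 half-closed 0:00:00

! Bounded alternative to "never": keep a finite idle timeout and enable
! dead connection detection, so the ASA probes both endpoints when the
! timer expires and removes the entry only if a peer no longer answers.
!  set connection timeout idle 8:00:00 dcd

! 3. Attach the policy to the interface. Only one policy map can be applied
!    per interface; if one already exists there, add the class to it instead.
service-policy LAN_CONN_POLICY interface LAN

! 4. Verify that the class is matching and inspect the connection entries.
show service-policy interface LAN
show conn port 1521
```

With the timeout set to never, entries for clients that disappear without closing the session stay in the connection table until cleared manually, which is why the match is kept to a single source, destination and port.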