i got a Problem on a customer which is using a Failover ASA 5510 pair with SSM-CSC-10-K9 modules.
The clients have to connect to a webserver where they are doing some calculations.
If they prepare everything and want to calculate everything what takes a couple of time the session is after about 3 minutes timedout.
My first idea was to set session specific timeouts which are a bit longer then the normal but this setting did not work
I created a policy which did not work for me.
Does somebody has a conclusion for me how to set connection specific timeout's?
policy which did not work:
access-list global_mpc_1 line 1 extended permit tcp object-group NET_Group_RFC1918 object H_EXT_Xeditor eq http
match access-list global_mpc_1
set connection timeout embryonic 0:10:00 half-closed 0:10:00 idle 1:00:00 reset dcd 0:15:00 5
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
inspect h323 h225
inspect h323 ras
inspect icmp error
set connection timeout embryonic 0:10:00 idle 1:00:00 reset dcd 0:15:00 5
on a capture on this traffic we've seen return traffic after about 90 seconds. But we already raised the timeouts for pat-xlate to 2minutes but it also does not work