Beginner

TCP/UDP Timeout (TTL) in seconds to remote subnet

Is it possible to modify UDP and TCP timeout connections in seconds to a specific remote subnet in a Cisco ASA? I have seen the timeout and set connection timeout values but I don't think either provides the result I am looking for.

How do I create a rule that has a certain UDP and TCP connection timeout in seconds from an inside VLAN to a remote subnet only, thus not affecting all traffic?

1 ACCEPTED SOLUTION

RJI (VIP Advisor)

Re: TCP/UDP Timeout (TTL) in seconds to remote subnet

Hi,

You can apply different timeout values to certain local/remote networks using the Modular Policy Framework (MPF); reference here. You would need to specify the local/remote networks in the ACL referenced in the class-map; you don't necessarily need to define services as per the example. All other traffic (traffic not defined in the ACL) would continue to use the default timeout values.

HTH

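The MPF approach described in the accepted answer, written out as an added example that is not part of the original post or of Cisco's documentation. The object names, the `inside` interface name, the 10.10.20.0/24 and 192.0.2.0/24 networks and the 5-minute idle value are assumptions; the syntax follows the ASA 9.x connection-settings guide linked in this thread.

```cisco
! Constructed values (assumptions, not from the thread):
!   inside VLAN 10.10.20.0/24, remote subnet 192.0.2.0/24,
!   interface nameif "inside", names REMOTE-TIMEOUT-*, idle value 0:05:00.

! 1. ACL that matches only inside-VLAN traffic to the remote subnet.
!    Matching on tcp/udp without ports covers all services between the two.
access-list REMOTE-TIMEOUT-ACL extended permit tcp 10.10.20.0 255.255.255.0 192.0.2.0 255.255.255.0
access-list REMOTE-TIMEOUT-ACL extended permit udp 10.10.20.0 255.255.255.0 192.0.2.0 255.255.255.0

! 2. Class-map that references the ACL.
class-map REMOTE-TIMEOUT-CLASS
 match access-list REMOTE-TIMEOUT-ACL

! 3. Policy-map that sets the idle timeout (hh:mm:ss) for that class only.
!    Traffic outside the ACL keeps the global "timeout conn" / "timeout udp" values.
!    Check the permitted range for your ASA release before choosing a short value.
policy-map REMOTE-TIMEOUT-POLICY
 class REMOTE-TIMEOUT-CLASS
  set connection timeout idle 0:05:00

! 4. Apply the policy to the inside interface.
!    An interface accepts one service-policy; if "inside" already has one,
!    add the class from step 3 to that existing policy-map instead.
service-policy REMOTE-TIMEOUT-POLICY interface inside

! 5. Verify from privileged EXEC mode (192.0.2.10 is a constructed host).
show service-policy interface inside
show conn address 192.0.2.10
```

Service-policy changes apply to new connections only; existing connections keep their previous timeout until they are torn down and re-established.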

3 REPLIES
Rising star

Re: TCP/UDP Timeout (TTL) in seconds to remote subnet

I don't think you can do it in your current requirement.

Have a look at this document.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/conns_connlimits.html 

Please do not forget to rate.

Beginner

Re: TCP/UDP Timeout (TTL) in seconds to remote subnet

Looks like what I need, thank you!
