cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


138
Views
0
Helpful
1
Replies
Beginner

ZBFW: UDP timeout config for VPN

I have an IPsec VPN config which uses UDP 500 and UDP 4500. After adding a basic ZBFW config to block unsolicited incoming connection. I noticed my VPN is flapping occasionally. Since it does not occur consistently, I suspect it has to do with session timeout.

 

This is a VPN client, I do not want to add bypass for all UDP 500/4500 traffic. Is there a global config for ZBFW UDP timeout? The CBAC config "ip inspect udp idle-time 60" does not work anymore.\

 

On a related note, what is the default UDP session timeout for ZBFW?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: ZBFW: UDP timeout config for VPN

Answering my own question here:

 

Base on my experiment, the default UDP session timeout is 30s. And here is the way to change the UDP session timeout for ZBFW:

 

parameter-map type inspect default

  udp idle-time 60

 

 

1 REPLY 1
Highlighted
Beginner

Re: ZBFW: UDP timeout config for VPN

Answering my own question here:

 

Base on my experiment, the default UDP session timeout is 30s. And here is the way to change the UDP session timeout for ZBFW:

 

parameter-map type inspect default

  udp idle-time 60