Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
376
Views
0
Helpful
1
Replies

ASA Inspection with IPsec

lxcollin1
Level 1
Level 1

‎08-12-2006 03:19 AM - edited ‎02-21-2020 01:06 AM

Hello,

I wanted to verify that IPsec traffic terminating on an ASA will be Inspected.

I am trying to inspect all SSH traffic that traverses my ASA. The inspection should change the TCP timeout from the default value to 48 hours. I want to make sure that both IPsec and non-ipsec traffic is inspected. Will the following config work?:

access-list cmap-ssh extended permit tcp any any eq ssh

!

class-map match-ssh

match access-list cmap-ssh

!

policy-map global_policy

class match-ssh

set connection timeout tcp 48:00:00

!

service-policy global_policy global

Thanks!!!

Lee

0 Helpful
1 Reply 1

Fernando_Meza
Level 7
Level 7

‎08-12-2006 11:47 PM

..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card