08-30-2018 07:38 AM - edited 02-21-2020 08:10 AM
Dear All,
I have a doubt on working with timeouts and state table.
Below is the sample output:
ASA# show conn protocol tcp
101 in use, 5589 most used
TCP outside 10.23.232.59:5223 inside 192.168.1.3:52419, idle 0:00:11, bytes 0, flags saA
TCP outside 192.168.3.5:80 dmz 172.16.103.221:57646, idle 0:00:29, bytes 2176, flags UIO
TCP outside 10.23.232.217:5223 inside 192.168.1.3:52425, idle 0:00:10, bytes 0, flags saA
TCP outside 10.23.232.217:443 inside 192.168.1.3:52427, idle 0:01:02, bytes 4504, flags UIO
TCP outside 10.23.232.57:5223 inside 192.168.1.3:52412, idle 0:00:23, bytes 0, flags saA
TCP outside 10.23.232.116:5223 inside 192.168.1.3:52408, idle 0:00:23, bytes 0, flags saA
TCP outside 10.23.232.60:5223 inside 192.168.1.3:52413, idle 0:00:23, bytes 0, flags saA
TCP outside 10.23.232.96:5223 inside 192.168.1.3:52421, idle 0:00:11, bytes 0, flags saA
TCP outside 10.23.232.190:5223 inside 192.168.1.3:52424, idle 0:00:10, bytes 0, flags saA
In the mentioned output of the command show conn, what does idle mean, and how does it work?
08-30-2018 08:29 AM
Hi there,
Each line represents a separate connection and the idle timer indicates the elapsed time since a packet relevant to that connection has passed through the ASA.
cheers,
Seb.
08-30-2018 09:04 AM
Thanks Seb,
Let us consider that a UDP packet crossed the firewall and there is no reply from the destination. My TCP timeout is 2 mins, and I have configured the embryonic timeout to be 40 mins and the idle timeout as 1 hr. In this case, will the connection table entry exist for 1 hour or will it be cleared after 2 mins?
Configuration.
class Default_class
set connection embryonic-conn-max 3000
set connection timeout embryonic 0:40:00 idle 1:00:00
08-30-2018 12:57 PM
UDP and TCP are handled differently. There is no state with UDP so no concept of being embryonic (half-open).
UDP connections are cleared by configuring the UDP idle timeout:
!
timeout udp <hh:mm:ss>
!
cheers,
Seb.
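Added example, not part of the thread's posts: a Python parser for show conn lines like those in the question, which converts the idle timer to seconds and reports which timeout governs each entry (embryonic, idle, or UDP). It assumes the U flag marks a TCP connection whose handshake has completed; the function and field names are illustrative.

```python
import re
from collections import Counter

# Lines copied from the "show conn protocol tcp" output quoted in this thread.
SAMPLE = """\
101 in use, 5589 most used
TCP outside 10.23.232.59:5223 inside 192.168.1.3:52419, idle 0:00:11, bytes 0, flags saA
TCP outside 192.168.3.5:80 dmz 172.16.103.221:57646, idle 0:00:29, bytes 2176, flags UIO
TCP outside 10.23.232.217:443 inside 192.168.1.3:52427, idle 0:01:02, bytes 4504, flags UIO
TCP outside 10.23.232.57:5223 inside 192.168.1.3:52412, idle 0:00:23, bytes 0, flags saA
"""

# From the thread's "set connection timeout" line; no "timeout udp" value is given there.
TIMEOUTS = {"embryonic": "0:40:00", "idle": "1:00:00"}

LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+\S+\s+(?P<ip1>[\d.]+):\d+\s+\S+\s+(?P<ip2>[\d.]+):\d+,"
    r"\s+idle\s+(?P<idle>\d+:\d\d:\d\d),\s+bytes\s+(?P<bytes>\d+),\s+flags\s+(?P<flags>\S+)"
)

def hms_to_seconds(text):
    hours, minutes, seconds = (int(part) for part in text.split(":"))
    return hours * 3600 + minutes * 60 + seconds

def parse_conns(output):
    """Return one dict per connection line; summary and prompt lines are skipped."""
    conns = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m["proto"] == "UDP":
            timer = "udp"        # stateless: only the UDP idle timeout applies
        elif "U" in m["flags"]:
            timer = "idle"       # assumption: flag U (up) = handshake completed
        else:
            timer = "embryonic"  # half-open TCP connection
        limit = TIMEOUTS.get(timer)
        conns.append({"proto": m["proto"], "first": m["ip1"], "second": m["ip2"],
                      "idle_s": hms_to_seconds(m["idle"]), "bytes": int(m["bytes"]),
                      "timer": timer, "limit_s": hms_to_seconds(limit) if limit else None})
    return conns

def embryonic_by_host(conns):
    """Count half-open TCP connections per second-listed endpoint."""
    return Counter(c["second"] for c in conns if c["timer"] == "embryonic")

if __name__ == "__main__":
    print(embryonic_by_host(parse_conns(SAMPLE)))
```

A host with many entries in the embryonic count is the case the embryonic-conn-max setting in the posted class is meant to bound.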