Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
2
Replies

ASA Timeout questions

srroeder
Level 1
Level 1

‎06-09-2011 09:36 AM - edited ‎03-11-2019 01:43 PM

I don't know if this problem is a ASA issue or other,  just looking for opinions.

I have a Corporate website where my users keep getting disconnected from.   The admin of that website sent me this information in an email.....

I've traced two sessions since Wed:  Both had the same experience.   Both paused for over 2 minutes.  Lost their session.  Logged back in on another server.

Our current Server infrastructure is stateful, so our load balancer directs users to the same server based upon IP.  A technique known as sticky sessions.   This problem indicates that the IP changed after they paused.   The server session expires after 2 hours.  

All indications point to your firewall assigning users new outbound public IP if they pause for a duration well short of an hour.  Perhaps that firewall session can be lengthened or the same public IP assigned to their outbound traffic.

Does this sound like a possible timeout setting in the ASA?  
Thanks in advance for your help.
Labels:
0 Helpful
2 Replies 2

varrao
Level 10
Level 10

‎06-09-2011 10:05 AM

Hi,

Check the timeout value on the device "show run timeout" for tcp connections, i guess by default it is 3 hours.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

srroeder
Level 1
Level 1
In response to varrao

‎06-09-2011 10:59 AM

Here is the output from the "sho run timeout" command....  basically all defaults I think.

timeout xlate 1:30:00

timeout conn 12:00:00 half-closed 0:10:00 udp 0:10:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:30:00 absolute

timeout tcp-proxy-reassembly 0:01:00

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card