Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
524
Views
0
Helpful
1
Replies

asa5520 - timeout issue

julxu
Level 1
Level 1

‎06-03-2010 10:31 PM - edited ‎03-11-2019 10:54 AM

hi

I have problems with my asa5520 ver7.2(4) - routed, firewall. the problem is the server behind inside interface has timeout when it talks to server front of outside interface. the timeout problem include server's batch job report system time out, and user ssh experience. the user ssh idle timeout seems veris time by time, 50 min, 2:30, and 3:30. it confuses me.

However, could I get some advice on where possible area I should look into?

Any comments will be appreciated

Thanks in advance

julxu

Labels:
0 Helpful
1 Reply 1

m.kafka
Level 4
Level 4

‎06-04-2010 02:47 AM

hi julxu,

tcp timeouts will occur for ASA connections when no packets are seen for a configured idle time. The connection will be deleted from the ASA's connection table and subsequents packets will be dropped.

How to olve the issue:

configure a traffic class, describing the sessions which experience the problem.

configure a policy action to extend the timeouts:

hostname(config)# class-map CONNS
hostname(config-cmap)# match [match-criterea]

hostname(config)# policy-map [policy-name]
hostname(config-pmap)# class CONNS
hostname(config-pmap-c)# set connection timeout tcp 2:0:0 embryonic 0:40:0 half-closed 0:20:0 dcd

hostname(config-pmap-c)# [other-policy-actions]

dcd is a nice option, that sends tcp-probes (0-segments) to test whether the connection is still valid before timing out.

always remember that the first class that matches in a policy map decides the actions. So everything else like inspection etc should be added as additional policy actions.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card