Hi,

I'm seeing connections which are established through ASA are not getting cleared from connection table.

I've defined the time out conn globally on the firewall, but not seeing that idle connections are not getting timeout & removed from the connection table.

!

timeout conn 1:10:00 half-closed 0:10:00 udp 0:01:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 1:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00

!

Below are some of the connection count which are observed to be more than configured timeline.

UDP dmz1  y.y.y.y:162 inside  x.x.x.x:162, idle 227:28:39, bytes 9946115, flags - 

TCP dmz1  z.z.z.z:22 inside  x.x.x.x:64880, idle 243:16:17, bytes 13755432, flags UI

UDP dmz1  y.y.y.y:162 inside  x.x.x.x:49962, idle 640:41:09, bytes 1599882, flags - 

TCP dmz1  a.a.a.a:22 inside  x.x.x.x:56750, idle 600:06:46, bytes 148361, flags UIO 

Some connections are having there flag set which says its up, but whereas many are not having any flags set(empty).

I'm running with 9.1(2) code.