Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1298
Views
0
Helpful
5
Replies

Cisco ASA Model 5512-x

kyawhtinwin
Level 1
Level 1

‎02-20-2019 12:50 AM - edited ‎02-21-2020 08:50 AM

Hi Support,

 

Regarding the traffic, One of my customers wants to upload 50GB data from DR Network to DC Network via port 22. There have to pass through 2 ASA Firewall. I want to know ASA Traffic how many mins or hour can keep establishing. What is the need to be changed for ssh traffic to keep alive? Please support.

 

Best Regards,

Kyaw Htin Win

0 Helpful
5 Replies 5

Mohammed al Baqari
Level 11
Level 11

‎02-20-2019 01:11 AM

If the connection actively transmitting data, it won't timeout. Other than
that here are the default timeout.

The default tcp idle timeout is 1 hour.

The default udp idle timeout is 2 minutes.

The default icmp idle timeout is 2 seconds.

The default esp and ha idle timeout is 30 seconds.

0 Helpful

kyawhtinwin
Level 1
Level 1
In response to Mohammed al Baqari

‎02-20-2019 02:34 AM

Hi Mohammed,

 

Can we change to more hours?

 

Can you guide what command need to type and what is the impact? If we change that we have to change TCP idle timeout. Right?

 

Best Regards,

0 Helpful

ngkin2010
Level 7
Level 7
In response to kyawhtinwin

‎02-20-2019 07:30 AM

Hi,

You may refer to the configuration guide:
>>> set connection timeout
https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/conns_connlimits.html

But please make sure if your customers really need the timeout setting to be set to higher. Because the TCP session timeout timer will keep resetting if there is any communicate on that TCP session. Unless your customer will open a TCP session, and leave it idle over an hour, otherwise, you don't have to set the timeout value.

Technically speaking, it is expected that more TCP session data will be kept on ASA, and causing higher memory usage. However, if you have enough memory for your ASA, I think you don't need to worry about it.
0 Helpful

kyawhtinwin
Level 1
Level 1
In response to ngkin2010

‎02-20-2019 08:26 AM

ASA RAM is 4Gb
0 Helpful

ngkin2010
Level 7
Level 7
In response to kyawhtinwin

‎02-20-2019 08:35 AM - edited ‎02-20-2019 08:36 AM

You would also want to check memory usage at the peak hour. For an extreme case, if your ASA has used 99% memory during peak hour, then you should not increase the TCP timeout value because it increased the chance of memory used up.

I think you should focus more customer's requirement: Do they really require an idle TCP session over an hour? Have they encountered any issue during file transmission?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card