Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2375
Views
0
Helpful
3
Replies

Custom UDP service timeout

ned.tavakol
Level 1
Level 1

‎06-24-2009 05:46 PM - edited ‎03-11-2019 08:47 AM

Hi,

I don't want to change the global UDP idle timeout for the entire firewall for obvious security reasons but I have to change timeout for a particular UDP port from a known source IP to another known destination IP. I tried using:

object-group service blah

timeout udp 0:20:00

or timeout udp 0:20:00 conn 1:00:00

but the timeout command does not stay in the config. I even tried MPF but MPF doesn't have UDP option or I can't find it.

Is there another way?

Thanks in advance

Labels:
0 Helpful
3 Replies 3

Patrick0711
Level 3
Level 3

‎06-24-2009 08:30 PM

I did something similar for TCP connections the other day...

This should work...substitute the TCP for UDP and add the necessary UDP port in the ACL:

access-list custom_timeout extended permit tcp host 1.1.1.1 any

class-map custom_timeout

description Connection Timeout for specific hosts - 3 hours

match access-list custom_timeout

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

class custom_timeout

set connection timeout tcp 03:0:00 reset

0 Helpful

ned.tavakol
Level 1
Level 1
In response to Patrick0711

‎06-25-2009 01:39 AM

Hi,

Thanks for your respond.

I've already tried this but unfortunately there isn't a udp option with this method.

please see below

hostname(config-pmap-c)# set connection timeout ?

mpf-policy-map-class mode commands/options:

dcd Configure dead-connection-detection retry interval.

embryonic Configure absolute time after which an embryonic TCP connection

will be closed, default is 0:00:30.

half-closed Configure idle time after which a TCP half-closed connection

will be freed, default is 0:10:00

tcp Configure idle time after which a TCP connection state will be

closed, default is 1:00:00

0 Helpful

ned.tavakol
Level 1
Level 1
In response to ned.tavakol

‎02-19-2012 04:36 PM

Hi,

The custom UDP service was taken out of ASA 8.x code and by request it was added back in higher releases of 8.2

0 Helpful
Review Cisco Networking for a $25 gift card
Top