Solved: Floating connections

aaron.catt1 · ‎01-31-2017

Hi all,

We have an ASA 5510 with two ISP lines, one for main use, and the other as a backup. Static routes are used where the main line is SLA tracked. When traffic failsover to the backup line, everything works fine. But when the main line becomes active again, everything apart from a UDP SIP connection goes back to the main line.

I have seen that this is because the connections are not cleared as floating-conn is set to 00:00:00, and the route is not remapped because the connection doesn't recreate. What is the best practice for setting this timeout? Would 1 minute be suitable?

Many thanks

Aaron

Rahul Govindan · ‎01-31-2017

1 minute is suitable for this timer. This is also the value set in this Cisco document that details your exact issue:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113592-udp-traffic-fails-00.html

You can even set a 30 second timer if faster convergence is required.

View solution in original post

Rahul Govindan · ‎01-31-2017

1 minute is suitable for this timer. This is also the value set in this Cisco document that details your exact issue:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113592-udp-traffic-fails-00.html

You can even set a 30 second timer if faster convergence is required.

aaron.catt1 · ‎01-31-2017

Many thanks, I did see that but on some other forums apparently 1 minute is too low. At least I don't have to manually enter clear conn now everytime it happens.