Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1672
Views
0
Helpful
2
Replies

IP Inspect - increase timeout on TCP Port

mdcarey15
Level 1
Level 1

‎02-06-2009 07:33 AM - edited ‎03-11-2019 07:47 AM

I have a 2811 router with IP Inspect enable for Ingress traffic but it is quite generic:

ip inspect name firewall tcp

ip inspect name firewall udp

ip inspect name firewall icmp

ip inspect name firewall dns

int Serial1/1

ip inspect firewall out

Inspection name firewall

tcp alert is on audit-trail is off timeout 3600

udp alert is on audit-trail is off timeout 30

icmp alert is on audit-trail is off timeout 10

dns alert is on audit-trail is off timeout 30

I have an application that connects outbound that keeps timing out. It uses a specific TCP port. I'd like to increase this TCP port's timeout period, but keep the other TCP ports at the default.

Is this possible?

Router(config)#ip inspect name firewall tcp ?

alert Turn on/off alert

audit-trail Turn on/off audit trail

router-traffic Enable inspection of sessions to/from the router

timeout Specify the inactivity timeout time

<cr>

Labels:
0 Helpful
2 Replies 2

owillins
Level 6
Level 6

‎02-12-2009 06:38 AM

This is the syntax for CBAC.

ip inspect name inspection-name protocol [timeoutseconds]

ip inspect one-minute high

ip inspect max-incomplete high

ip inspect tcp max-incomplete host

0 Helpful

mdcarey15
Level 1
Level 1
In response to owillins

‎02-12-2009 07:22 AM

It looks like I can only do that command for specific protocols though, not for a TCP or UDP port not already defined (like H323), or the entire TCP or UDP port realm.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card