
Service Policy Rules don't work properly.

Hi to all,

I have a customer who has an ASA-5550 (ASA-IOS 9.1.6). They have some servers in a subnet outside of their office. When they connect to these servers, they need the TCP connection timeout to be about 4 hours.

I have configured the service-policy below (class EDS-CONTROL-TIMEOUT-LISTADOS):

access-list CONEXIONS extended permit ip any4 object caif06
access-list CONEXIONS extended permit ip any4 host 172.23.XXX.XXX
access-list CONEXIONS extended permit ip any4 host 172.23.XXX.XXX
access-list EDS-Caixa_mpc_2 extended permit ip host 172.18.XXX.XXX object-group DM_INLINE_NETWORK_285
access-list EDS-Caixa_mpc_1 extended permit object-group DM_INLINE_PROTOCOL_2 object-group DM_INLINE_NETWORK_809 object-group DM_INLINE_NETWORK_777
!
class-map CONEXIONS
 match access-list CONEXIONS
class-map EDS-Caixa-class
 match access-list EDS-Caixa_mpc_2
class-map EDS-CONTROL-TIMEOUT-LISTADOS
 match access-list EDS-Caixa_mpc_1
!
policy-map CONEXIONS
 class CONEXIONS
  set connection timeout idle 8:00:00
 class EDS-CONTROL-TIMEOUT-LISTADOS
  set connection timeout idle 6:30:00
 class EDS-Caixa-class
  set connection timeout idle 4:00:00
!
service-policy CONEXIONS interface EDS-Caixa
!

Is there anything wrong? The connection ended after about 40 minutes, while the class defines 6.5 hours. The service-policy is applied on the egress interface; is that correct? Do I have to configure anything more on the ingress interface? With IOS version 8.2.5 it was working without problems. Do I have to do anything more with this IOS version?

Thanks in advance.

Regards.

David.

1 Reply 1

Vibhor Amrodia
Cisco Employee

Hi,

Try to use the ACL bidirectionally and see if that works.

Also, verify the reason for the disconnection using the syslog.

Thanks and Regards,

Vibhor Amrodia
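
As a follow-up to the syslog suggestion in the reply above, here is an added example (not part of the thread and not Cisco tooling) that parses ASA `302014` TCP teardown messages and lists flows the firewall itself timed out before the configured idle timeout. The log lines and addresses are constructed, and treating `Conn-timeout` as the ASA inactivity-timer reason is an assumption based on the documented message format.

```python
import re
from datetime import timedelta

# Constructed sample lines in the ASA 302014 (TCP teardown) layout.
# Addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
%ASA-6-302014: Teardown TCP connection 4411 for EDS-Caixa:192.0.2.10/1521 to inside:198.51.100.7/50112 duration 0:40:03 bytes 88412 Conn-timeout
%ASA-6-302014: Teardown TCP connection 4412 for EDS-Caixa:192.0.2.10/1521 to inside:198.51.100.8/50200 duration 0:02:11 bytes 5120 TCP FINs
%ASA-6-302014: Teardown TCP connection 4413 for EDS-Caixa:192.0.2.11/22 to inside:198.51.100.7/50345 duration 0:41:30 bytes 930 TCP Reset-O
%ASA-6-302013: Built outbound TCP connection 4414 for EDS-Caixa:192.0.2.10/1521 (192.0.2.10/1521) to inside:198.51.100.7/50400 (198.51.100.7/50400)
"""

TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<a>\S+) to (?P<b>\S+) "
    r"duration (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)

# Assumption: "Conn-timeout" is the reason logged when the ASA's own
# inactivity timer closes the flow; other reasons point at the endpoints.
FIREWALL_TIMEOUT_REASONS = {"Conn-timeout"}


def parse_teardowns(log_text):
    """Parse 302014 lines into dicts; other message IDs are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if not m:
            continue
        rows.append({
            "id": m["id"],
            "endpoints": (m["a"], m["b"]),
            "duration": timedelta(hours=int(m["h"]), minutes=int(m["m"]),
                                  seconds=int(m["s"])),
            "reason": m["reason"].strip() or "Unknown",
        })
    return rows


def early_timeouts(log_text, configured_idle):
    """Flows the ASA timed out that lived less than the configured idle timeout."""
    return [r for r in parse_teardowns(log_text)
            if r["reason"] in FIREWALL_TIMEOUT_REASONS
            and r["duration"] < configured_idle]


if __name__ == "__main__":
    for r in early_timeouts(SAMPLE_LOG, timedelta(hours=6, minutes=30)):
        print(r["id"], *r["endpoints"], r["duration"], r["reason"])
```

A connection whose total lifetime is shorter than the class's idle timeout but which still ends with a firewall timeout reason did not receive that class's timeout, which points at class matching rather than at the endpoints.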
