I have a customer who has an ASA-5550 (ASA-IOS 9.1.6). They have some servers in a subnet outside of their office. When they connect to these servers, they need the TCP connection timeout to be about 4 hours.
I have configured the service-policy below (class EDS-CONTROL-TIMEOUT-LISTADOS):
access-list CONEXIONS extended permit ip any4 object caif06
access-list CONEXIONS extended permit ip any4 host 172.23.XXX.XXX
access-list CONEXIONS extended permit ip any4 host 172.23.XXX.XXX
access-list EDS-Caixa_mpc_2 extended permit ip host 172.18.XXX.XXX object-group DM_INLINE_NETWORK_285
access-list EDS-Caixa_mpc_1 extended permit object-group DM_INLINE_PROTOCOL_2 object-group DM_INLINE_NETWORK_809 object-group DM_INLINE_NETWORK_777
!
class-map CONEXIONS
 match access-list CONEXIONS
class-map EDS-Caixa-class
 match access-list EDS-Caixa_mpc_2
class-map EDS-CONTROL-TIMEOUT-LISTADOS
 match access-list EDS-Caixa_mpc_1
!
policy-map CONEXIONS
 class CONEXIONS
  set connection timeout idle 8:00:00
 class EDS-CONTROL-TIMEOUT-LISTADOS
  set connection timeout idle 6:30:00
 class EDS-Caixa-class
  set connection timeout idle 4:00:00
!
service-policy CONEXIONS interface EDS-Caixa
!
Is there anything wrong? The connection was finished after about 40 minutes, when 6.5 hours is defined in the class. The service-policy is defined on the egress interface; is that correct? Do I have to configure anything more on the ingress interface? With the 8.2.5 IOS version it was working without problems. Do I have to do anything more with this IOS version?