Solved: TCP/UDP Timeout (TTL) in seconds to remote subnet

Tinglyfox · ‎11-27-2019

Is it possible to modify UDP and TCP timeout connections in seconds to a specific remote subnet in a Cisco ASA? I have seen the timeout and set connection timeout values but I don't think either provides the result I am looking for.

How do I create a rule that has a certain UDP and TCP connection timeout in seconds from an inside vlan to a remote subnet only - thus not affecting all traffic.

Rob Ingram · ‎12-01-2019

Hi,

You can apply different timeout values to certain local/remote networks, using the Modular Policy Framework (MPF) to achieve this, reference here. You would need to specify the local/remote networks in the ACL referenced in the class-map, you don't necessarily need to define services as per the example. All other traffic (traffic not defined in the ACL) would continue to use the default timeout values.

HTH

View solution in original post

Sheraz.Salim · ‎11-28-2019

I dont think you can do in your current requirement.

have a look on this document.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/conns_connlimits.html

please do not forget to rate.

Rob Ingram · ‎12-01-2019

Hi,

You can apply different timeout values to certain local/remote networks, using the Modular Policy Framework (MPF) to achieve this, reference here. You would need to specify the local/remote networks in the ACL referenced in the class-map, you don't necessarily need to define services as per the example. All other traffic (traffic not defined in the ACL) would continue to use the default timeout values.

HTH

Tinglyfox · ‎12-03-2019

Looks like what I need, thank you!