08-21-2008 12:48 AM - edited 03-11-2019 06:33 AM
The default idle time for a connection on a Cisco ASA is 1 hour, as denoted by the timeout conn command. The ASA then closes the connection.
What I wish to know is: how does the ASA close the idle connection? Does it send a Reset to each end of the connection, or only one end? Or does it send a reset at all?
Does anyone know what the ASA actually does to close the idle connection?
Thanks
Chris
08-21-2008 01:33 AM
The ASA silently drops connections for which the idle timeout timer has expired.
This default behavior can be changed using Modular Policy Framework.
Check out the "set connection timeout" command in the command reference:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1299836
There is a "reset" argument that can be used to send a RST in both directions when the idle timer expires.
Syed Iftekhar Ahmed
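The configuration the answer above describes, written out as an added example (it is not from the thread and not Cisco's own sample): the global default that silently ages out idle connections, and an MPF class that overrides it for one traffic class and adds the reset argument. The ACL name, subnet, port and class name are assumed for illustration; the keyword after "set connection timeout" is release dependent (tcp on ASA 7.2, the release the linked reference covers; idle on later releases), so check the command reference for the version in use.

```cisco
! Added example (not from the thread): idle-timeout handling on an ASA.
!
! 1. Global default. A TCP connection idle for 1 hour is removed from
!    the conn table silently: no RST is sent to either endpoint.
timeout conn 1:00:00
!
! 2. MPF override for one traffic class. ACL name, subnet and port are
!    assumed for illustration only.
access-list IDLE_RESET_ACL extended permit tcp 10.1.1.0 255.255.255.0 any eq 1433
!
class-map IDLE_RESET
 match access-list IDLE_RESET_ACL
!
! Add the class to the existing global policy. The "reset" argument
! makes the ASA send a RST to both ends when the idle timer expires
! instead of just deleting the entry. On ASA 7.2 the keyword is "tcp";
! later releases use "idle" in its place (assumed; verify per release):
!   set connection timeout idle 0:30:00 reset
policy-map global_policy
 class IDLE_RESET
  set connection timeout tcp 0:30:00 reset
!
service-policy global_policy global
!
! 3. Verify. "show conn detail" lists each connection with its idle
!    time, and "show service-policy global" shows whether the class is
!    matching traffic.
! show conn detail
! show service-policy global
```

Two things to check after applying it: the class must match the traffic you care about (the service-policy counters confirm this), and the policy-map being edited must be the one actually applied globally or on the relevant interface, otherwise the default silent drop still governs those connections.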
08-21-2008 01:41 AM
Ah, I see, so I can set it to send resets in both directions.
You wrote the ASA silently drops the connection; what do you mean by that? Do you mean the ASA doesn't do anything, it just drops the connection from its own connection table?
Thanks for the help, just trying to get my head round what the ASA does, as we have a connection which seems to be reset at only one end after the idle time; when the connection is re-established at the other end, it seems to just disappear?
Thanks
Ali
08-21-2008 02:08 AM
As per my knowledge, no resets are sent by the ASA on either side (unless configured using MPF) when a connection times out.
So yes, it simply deletes the connection entry from its connection table.
Syed Iftekhar Ahmed