cisco ASA tcp timeout

Tejas Kunte · ‎10-21-2011

hi

i have been asked to set the tcp timeout on my ASA 5520 8.4(1) to 48 hours.

is that a good idea ?

also what is the process

i run the command timeout conn 48:0:0

i have an active-passive setup

is a reboot both devices needed ?

Reza Sharifi · ‎10-21-2011

Hi,

It depends on your requirement and the need for specific application that may require a longer time out window.

The config guide does not mention anything about needing to reboot the devices.

from the config guide:

Step 4 To set connection timeouts, enter the following command:

hostname(config-pmap-c)# set connection timeout {[embryonic hh:mm:ss] {idle hh:mm:ss [reset]] [half-closed hh:mm:ss] [dcd hh:mm:ss [max_retries]]}

where the embryonic hh:mm:ss keyword sets the timeout period until a TCP embryonic (half-open) connection is closed, between 0:0:5 and 1193:00:00. The default is 0:0:30. You can also set this value to 0, which means the connection never times out.

The idle hh:mm:ss keyword sets the idle timeout for all protocols between 0:5:0 and 1193:00:00. The default is 1:0:0. You can also set this value to 0, which means the connection never times out. For TCP traffic, the reset keyword sends a reset to TCP endpoints when the connection times out.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_connlimits.html

HTH

Tejas Kunte · ‎10-22-2011

i am running ver 8.4(1)

is the syntax diff for that ?

Tejas Kunte · ‎10-23-2011

i should also add that i need to set the tcp timeout to 48 hours for traffic for just 1 L2L IPSec VPN tunnel and not globally