Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
618
Views
5
Helpful
2
Replies

Timeout issue on ASA connections

Jon Derrenbacker
Level 1
Level 1

‎09-13-2012 07:22 AM - edited ‎03-07-2019 08:52 AM

I have a weird issue that I think I've narrowed down to being related to the timing out of connections inside my DMZ.

I was wondering first, are there any issues I should keep in mind when I start increasing the stock timeout values for conections?

Say if I double them, other than increased memory usage on my ASA, any other concerns?

Also, can anyone spot any value here that don't look default? It's from a Cisco ASA 55XX. I don't have another to compare it to.

My initial guess is my issue might be the 'half-closed' value, but I'm not sure yet.

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00

half-closed 0:10:00

udp 0:02:00

icmp 0:00:02

timeout sunrpc 0:10:00

h323 0:05:00

h225 1:00:00

mgcp 0:05:00

mgcp-pat 0:05:00

timeout sip 0:30:00

sip_media 0:02:00

sip-invite 0:03:00

sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00

uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

Thanks in advance,

Jon

Labels:
0 Helpful
2 Replies 2

dominic.caron
Level 5
Level 5

‎09-13-2012 07:36 AM

The default timeout are in this document but look's like it's all default.

You need to monitor the numbre of active connection and insure you dont max you appliance.

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/t.html#wp1540870

Jon Derrenbacker
Level 1
Level 1
In response to dominic.caron

‎09-13-2012 08:27 AM

Good stuff. Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card