I have a weird issue that I think I've narrowed down to being related to the timing out of connections inside my DMZ.
I was wondering first, are there any issues I should keep in mind when I start increasing the stock timeout values for conections?
Say if I double them, other than increased memory usage on my ASA, any other concerns?
Also, can anyone spot any value here that don't look default? It's from a Cisco ASA 55XX. I don't have another to compare it to.
My initial guess is my issue might be the 'half-closed' value, but I'm not sure yet.
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00
timeout sunrpc 0:10:00
timeout sip 0:30:00
timeout sip-provisional-media 0:02:00
uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Thanks in advance,
The default timeout are in this document but look's like it's all default.
You need to monitor the numbre of active connection and insure you dont max you appliance.