Hi, In short: Are keepalive packets being blocked by default on an ASA firewall? Or are special settings required when NAT is being used in conjunction? In long: Background: (server)----[outside](Natting firewall; ASA5555-X; managed by FMC)[inside]----...
Hi, We're using Cisco C9200Ls in some of our OT environment to which some very old Siemens hardware is connected. For some reason Siemens decided in the past to use a single MAC address, specifically for LLDP, for all their devices (note: this LLDP ...
It is indeed the server who sends the keepalive packet and the client who acknowledges this. Our ASA is indeed allowing the connection because as long as the idle TCP timer for this connection is not expired (i.e. trigger conditions are met and the cl...
That's expected behaviour, there are indeed two sessions. One 'normal' database connection which runs a query every minute (and so the idle timer never reaches above 59s), and a second one which is used to notify the client of the trigger condition h...
From another troubleshooting session I've found the screenshot below, showing a live connection just shy of 125 minutes and then dropping when I checked again.
Please find the screenshot below. The connection with the TCP idle time of about 40 minutes is the one in question. The NAT idle timer never seems to reset (but the session remains) and can be used to see how long ago the session was created. So at the ...