About optix-137

optix-137 · 11-25-2015

Hi, I'm trying to figure out why does my ASA have a ICMP timeout of 1 hour instead of default 2 seconds as stated in the documentation and cli. fw-asa(config)# timeout icmp ? configure mode commands/options:<0:0:2> - <1193:0:0> Idle timeout for icm...

optix-137 · 11-28-2015

Hi Akshay & Rishabh Thank you for your replies. I had an class-default map configured to decrement ttl and disable tcp state check. Also, I configured (from ASDM) tcp reset before idle and that caused a line 'set connection timeout idle 1:00:00 reset...

optix-137 · 11-28-2015

Hi, fw-asa# sh run | i timeoutarp timeout 14400timeout xlate 3:00:00timeout pat-xlate 0:00:30timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip ...

optix-137 · 11-26-2015

Hi, There is currently no timeout icmp set, so it should default to 2 seconds. Either way, even if I set this to any value, timeout seen in the output of sh conn detail command remains 1h, and the connection table builds up.

Member Since	‎11-25-2015 04:50 PM
Date Last Visited	‎03-04-2020 12:17 AM
Posts	6

User Statistics

User Activity

timeout ICMP issue - connection table exaust

Hi Akshay & Rishabh

Hi,

Hi,