Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Connections don't timeout

Status
Not open for further replies.
NicolaiG

NicolaiG

ISP
Jun 13, 2003
2
DK
Hi

I'm faily new to the Cisco Pix, and i'm wondering about something.

How come i have several connections that a way beyond their timeout? The same seems to happen to xlate's, which has alot more entries than what can happen in the setup. There is 3-4 clients sitting behind a PIX501, with a tunnel to their main-office. "sh xlate count" is around 4000-5000 entries, and that amount seems very high, with a xlate-timeout set to 5 mins.

I've looked at several others running the same setup, and they show "normal" behaviour.

Any suggestions?


fw-billund# sh ver

Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 1.1(2)

fw# sh timeout
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute

fw# sh conn
68 in use, 222 most used
TCP out 10.61.82.210:1494 in 192.168.1.103:1046 idle 194:25:31 Bytes 508266 flags UIO
TCP out 10.61.82.210:1494 in 192.168.1.142:2227 idle 264:18:02 Bytes 60503 flags UIO
TCP out 10.61.82.210:1494 in 192.168.1.104:1439 idle 260:59:46 Bytes 21770 flags UIO
UDP out 193.162.195.194:53 in 192.168.1.142:47 idle 1:11:51 flags D

UDP out 207.46.248.43:123 in 192.168.1.104:123 idle 5:41:22 flags -

TCP out 10.61.82.210:1494 in 192.168.1.103:1038 idle 411:56:43 Bytes 331800 flags UIO
TCP out 10.61.82.210:1494 in 192.168.1.104:1107 idle 0:00:38 Bytes 470347 flags UIO
TCP out 10.61.82.210:1494 in 192.168.1.104:1050 idle 243:38:17 Bytes 82131 flags UIO
 
Sort by date Sort by votes
I'm more interested in how a connection can be active for several hours, when the connection timeout is 1 hour. That dosn't seem very logic to me.

Anyone who can explain this?

fw# sh timeout
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

fw# sh conn
TCP out 10.61.82.210:1494 in 192.168.1.103:1046 idle 194:25:31 Bytes 508266 flags UIO
TCP out 10.61.82.210:1494 in 192.168.1.142:2227 idle 264:18:02 Bytes 60503 flags UIO
TCP out 10.61.82.210:1494 in 192.168.1.104:1439 idle 260:59:46 Bytes 21770 flags UIO
UDP out 193.162.195.194:53 in 192.168.1.142:47 idle 1:11:51 flags D
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

steve56k
  • Locked
  • Question
Number of connections for VPN tunnel
Replies
0
Views
94
steve56k
steve56k
RodneyMcSnow
  • Locked
  • Question
Windows 8.1 PRO has to open connections when NETSTAT is used.
Replies
0
Views
110
RodneyMcSnow
RodneyMcSnow
rjwaunakee
  • Locked
  • Question
Allow Connections with Domain Names
Replies
0
Views
107
rjwaunakee
rjwaunakee
kzn
  • Locked
  • Question
Error communicating with Firebox 10.0.0.1. IO_ERROR: Message processing timeout. Please try again
Replies
2
Views
210
kzn
kzn
RonSwift
  • Locked
  • Question
Block all telnet connections 1
Replies
4
Views
187
RonSwift
RonSwift

Part and Inventory Search

Sponsor

Back
Top