Logon to LDAP (port 389) server - If no logons are attempted for more than 60 minutes, the PIX closes the open port. The next user attempts to log on but times out, because the logon server sends a PSH/ACK. On the next attempt, the server sends a SYN/ACK, which the firewall allows through.
Is there a way to resolve the first timeout without changing the global connection timeout value, e.g. changing the timeout on a port, IP address, or interface?
Local Settings
pixfirewall# show timeout
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
pixfirewall# show conn
TCP out 192.168.x.x:55855 in 132.x.x.x:389 idle 0:50:28 Bytes 579 flags UIOB
Thank You!
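Added example, not from the original post: a per-flow idle timeout for LDAP only, using the Modular Policy Framework (class-map / policy-map / service-policy) that exists on PIX and ASA 7.0 and later. The global "timeout conn 1:00:00" shown above stays in place for every other flow. Caveat: the "show timeout" output posted has no icmp field, which is the PIX 6.3 format, and 6.3 has no per-port, per-host or per-interface connection timeout; the connection timeout there is global only, so this approach needs a 7.x image. The access-list, class-map and policy-map names, the "outside" interface and the masked 132.x.x.x address are placeholders chosen for this example.

```cisco
! Added example (not from the original post). Assumes PIX/ASA 7.0 or later,
! where MPF allows a per-flow TCP idle timeout; on PIX 6.3 "timeout conn" is
! global and cannot be overridden per port, host or interface.
! LDAP_TRAFFIC, ldap-class, outside_policy and the "outside" interface are
! placeholder names; 132.x.x.x stands for the LDAP server address that is
! masked in the "show conn" output above.

! 1. Match only the flows whose idle timeout should differ: any client to
!    the LDAP server on TCP/389.
access-list LDAP_TRAFFIC extended permit tcp any host 132.x.x.x eq 389

class-map ldap-class
 match access-list LDAP_TRAFFIC

! 2. Raise the TCP idle timeout for that class alone (2 hours here).
!    Flows that do not match keep the global "timeout conn 1:00:00".
policy-map outside_policy
 class ldap-class
  set connection timeout tcp 2:00:00

! 3. Apply the policy on the interface where the LDAP sessions arrive.
!    The "B" in flags UIOB above means the initial SYN came from the
!    outside, so "outside" is assumed here; "service-policy ... global"
!    would apply it on all interfaces instead.
service-policy outside_policy interface outside
```

On ASA 8.x the keyword is "set connection timeout idle hh:mm:ss" rather than "tcp"; the rest of the configuration is the same. After applying it, "show service-policy" lists the class and its timeout, and "show conn" for a client-to-389 flow should then survive past the 1:00:00 idle mark at which the global timeout would have torn it down.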