Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Session-Timeout: Need a solution to keep TCP Sessions alive

Status
Not open for further replies.
xyCruiseryx

xyCruiseryx

Technical User
Oct 18, 2004
94
DE
Hi all,

my customer is using an old application without keep alive feature. The protocol is TCP 9999 and it is use one central destination Server-IP.

The Problem with ASA 5580:

If an user is creat a session to the server and no datas will be sent for next 10 min, the session is auto closed from cicso asa. (I know thats a normaly doing of cisco asa firewall but the users dislike this fact.

Before, we filter with cisco router acl and no session table was available on it. :)

Where are the asa-specialist to show me a way to keeep the session with tcp 9999 and one dest ip in the asa session table for a distance of 8 our min.


THX


 
Sort by date Sort by votes
what type of server is making this connection? linux can keep those keep alives. or try writing a script to ping every 8 minutes
 
Upvote 0 Downvote
Ping is not TCP.....i think this is not a solution but Thx.

I need a feature to set tcp sessions with special content to keep it in for 8 ours
 
Upvote 0 Downvote
i dont think i said the ping was tcp. but ping is considered interesting traffic in keeping and keep create and maintain a connection, socket, or vpn tunnel...

good luck
 
Upvote 0 Downvote
Hi,
The default session timeout is 30 min for the tcp traffic and unfortuntely this is global configuration so you have to increase the timeout for all the tcp traffic not specifically TCP-9999 port related traffic.

Command to changed the timedout to one hour is as below.

timeout conn 1:00:00 half-closed 0:10:00 udp 0:01:00 icmp 0:00:02


Default Session timeouts are as below.

TCP Timeout: 1800 (Seconds)
UDP Timeout: 180 (Seconds)
ICMP Timeout: 30 (Seconds)

make sure you increase the Xlate timeout also.
timeout xlate 2:00:00



Mustafa Gangardiwala
CCIE-Security # 16253, CISA
CISM,CISSP,INFOSEC, MCSE, CNE
 
Upvote 0 Downvote
Hi thx for answer. I reat that it is possible ti increase the timeout for spific connections about modular policy framework.

do you have experiences with M P F ?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
255
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
272
Johnkite
Johnkite
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
179
Nitta84
Nitta84
Jimbo2015
  • Locked
  • Question
Avaya - Watch guard issue with keep alives
Replies
1
Views
89
hairlessupportmonkey
hairlessupportmonkey
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
83
PauS0n
PauS0n

Part and Inventory Search

Sponsor

Back
Top