22-10
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 22 Configuring Connection Settings
Configuring Connection Settings
• UDP—Modifies the idle time until a UDP protocol connection closes. This duration must be at least
1 minute. The default is 2 minutes. Enter 0:0:0 to disable timeout.
• ICMP—Modifies the idle time after which general ICMP states are closed.
• H.323—Modifies the idle time until an H.323 media connection closes. The default is 5 minutes.
Enter 0:0:0 to disable timeout.
• H.225—Modifies the idle time until an H.225 signaling connection closes. The H.225 default
timeout is 1 hour (1:0:0). Setting the value of 0:0:0 means never close this connection. To close this
connection immediately after all calls are cleared, a value of 1 second (0:0:1) is recommended.
• MGCP—Modifies the timeout value for MGCP which represents the idle time after which MGCP
media ports are closed. The MGCP default timeout is 5 minutes (0:5:0). Enter 0:0:0 to disable
timeout.
• MGCP PAT—Modifies the idle time after which an MGCP PAT translation is removed. The default
is 5 minutes (0:5:0). The minimum time is 30 seconds. Uncheck the check box to return to the
default value.
• TCP Proxy Reassembly—Configures the idle timeout after which buffered packets waiting for
reassembly are dropped, between 0:0:10 and 1193:0:0. The default is 1 minute (0:1:0).
• Floating Connection—When multiple static routes exist to a network with different metrics, the
ASA uses the one with the best metric at the time of connection creation. If a better route becomes
available, then this timeout lets connections be closed so a connection can be reestablished to use
the better route. The default is 0 (the connection never times out). To take advantage of this feature,
change the timeout to a new value between 0:1:0 and 1193:0:0.
• SUNRPC—Modifies the idle time until a SunRPC slot is freed. This duration must be at least 1
minute. The default is 10 minutes. Enter 0:0:0 to disable timeout.
• SIP—Modifies the idle time until an SIP signalling port connection closes. This duration must be at
least 5 minutes. The default is 30 minutes.
• SIP Media—Modifies the idle time until an SIP media port connection closes. This duration must
be at least 1 minute. The default is 2 minutes.
• SIP Provisional Media—Modifies the timeout value for SIP provisional media connections, between
0:1:0 and 1193:0:0. The default is 2 minutes.
• SIP Invite—Modifies the idle time after which pinholes for PROVISIONAL responses and media
xlates will be closed. The minimum value is 0:1:0, the maximum value is 0:30:0. The default value
is 0:3:0.
• SIP Disconnect—Modifies the idle time after which SIP session is deleted if the 200 OK is not
received for a CANCEL or a BYE message. The minimum value is 0:0:1, the maximum value is
0:10:0. The default value is 0:2:0.
• Authentication absolute—Modifies the duration until the authentication cache times out and you
have to reauthenticate a new connection. This duration must be shorter than the Translation Slot
value. The system waits until you start a new connection to prompt you again. Enter 0:0:0 to disable
caching and reauthenticate on every new connection.
Note Do not set this value to 0:0:0 if passive FTP is used on the connections.