Filter
Top Products
27-23
Cisco ASDM User Guide
OL-16647-01
Chapter 27 Configuring Advanced Firewall Protection
Configuring Global Timeouts
Configuring Global Timeouts
The Timeouts pane lets you set the timeout durations for use with the security appliance. All durations
are displayed in the format hh:mm:ss. It sets the idle time for the connection and translation slots of
various protocols. If the slot has not been used for the idle time specified, the resource is returned to the
free pool. TCP
connection slots are freed approximately 60 seconds after a normal connection close
sequence.
Note It is recommended that you do not change these values unless advised to do so by Customer Support.
Fields
In all cases, except for Authentication absolute and Authentication inactivity, unchecking the check
boxes means there is no timeout value. For those two cases, clearing the check box means to
reauthenticate on every new connection.
• Connection—Modifies the idle time until a connection slot is freed. Enter 0:0:0 to disable timeout
for the connection. This duration must be at least 5 minutes. The default is 1 hour.
• Half-closed—Modifies the idle time until a TCP half-closed connection closes. The minimum is 5
minutes. The default is 10 minutes. Enter 0:0:0 to disable timeout for a half-closed connection.
• UDP—Modifies the idle time until a UDP protocol connection closes. This duration must be at least
1 minute. The default is 2 minutes. Enter 0:0:0 to disable timeout.
• ICMP—Modifies the idle time after which general ICMP states are closed.
• H.323—Modifies the idle time until an H.323 media connection closes. The default is 5 minutes.
Enter 0:0:0 to disable timeout.
• H.225—Modifies the idle time until an H.225 signaling connection closes. The H.225 default
timeout is 1 hour (01:00:00). Setting the value of 00:00:00 means never close this connection. To
close this connection immediately after all calls are cleared, a value of 1 second (00:00:01) is
recommended.
• MGCP—Modifies the timeout value for MGCP which represents the idle time after which MGCP
media ports are closed. The MGCP default timeout is 5 minutes (00:05:00). Enter 0:0:0 to disable
timeout.
• MGCP PAT—Modifies the idle time after which an MGCP PAT translation is removed. The default
is 5 minutes (00:05:00). The minimum time is 30 seconds. Uncheck the check box to return to the
default value.
• SUNRPC—Modifies the idle time until a SunRPC slot is freed. This duration must be at least 1
minute. The default is 10 minutes. Enter 0:0:0 to disable timeout.
• SIP—Modifies the idle time until an SIP signalling port connection closes. This duration must be at
least 5 minutes. The default is 30 minutes.
• SIP Media—Modifies the idle time until an SIP media port connection closes. This duration must
be at least 1 minute. The default is 2 minutes.
• SIP Provisional Media—Modifies the timeout value for SIP provisional media connections, between
0:1:0 and 1193:0:0. The default is 2 minutes.
• SIP Invite—Modifies the idle time after which pinholes for PROVISIONAL responses and media
xlates will be closed. The minimum value is 0:1:0, the maximum value is 0:30:0. The default value
is 0:03:00.