
Cisco ASDM User Guide
OL-16647-01
Chapter 27 Configuring Advanced Firewall Protection
Configuring Global Timeouts
• SIP Disconnect—Modifies the idle time after which a SIP session is deleted if the 200 OK is not
received for a CANCEL or a BYE message. The minimum value is 0:0:1, the maximum value is
0:10:0. The default value is 0:02:00.
• Authentication absolute—Modifies the duration until the authentication cache times out and you
have to reauthenticate a new connection. This duration must be shorter than the Translation Slot
value. The system waits until you start a new connection to prompt you again. Enter 0:0:0 to disable
caching and reauthenticate on every new connection.
Note: Do not set this value to 0:0:0 if passive FTP is used on the connections.
Note: When Authentication Absolute = 0, HTTPS authentication may not work. If a browser initiates
multiple TCP connections to load a web page after HTTPS authentication, the first connection
is permitted through, but subsequent connections trigger authentication. As a result, users are
continuously presented with an authentication page, even after successful authentication. To
work around this, set the authentication absolute timeout to 1 second. This workaround opens a
1-second window of opportunity that might allow non-authenticated users to go through the
firewall if they are coming from the same source IP address.
• Authentication inactivity—Modifies the idle time until the authentication cache times out and users
have to reauthenticate a new connection. This duration must be shorter than the Translation Slot
value.
• Translation Slot—Modifies the idle time until a translation slot is freed. This duration must be at
least 1 minute. The default is 3 hours. Enter 0:0:0 to disable timeout.
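
The following audit script is an added example, not part of the Cisco guide. It checks a saved timeout configuration against the limits listed above. It assumes the ASDM fields correspond to the ASA CLI keywords `sip-disconnect`, `uauth ... absolute|inactivity` and `xlate`, and the sample configuration is constructed.

```python
# Constructed sample in the style of "show running-config timeout" output.
SAMPLE = """\
timeout xlate 3:00:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:15:00
timeout uauth 0:00:01 absolute uauth 4:00:00 inactivity
"""

def secs(hms):
    h, m, s = (int(p) for p in hms.split(":"))
    return h * 3600 + m * 60 + s

def parse(text):
    """Return {setting: seconds}; uauth is split into its two timers."""
    out = {}
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "timeout":
            continue
        i = 1
        while i + 1 < len(tok):
            name, value = tok[i], tok[i + 1]
            i += 2
            if name == "uauth":
                # Assumption: a bare "uauth" value means the absolute timer.
                kind = "absolute"
                if i < len(tok) and tok[i] in ("absolute", "inactivity"):
                    kind = tok[i]
                    i += 1
                name = "uauth-" + kind
            out[name] = secs(value)
    return out

def audit(cfg):
    findings = []
    xlate = cfg.get("xlate", 3 * 3600)       # guide default: 3 hours
    sipd = cfg.get("sip-disconnect", 120)    # guide default: 0:02:00
    if not 1 <= sipd <= 600:
        findings.append("sip-disconnect outside 0:0:1 to 0:10:0")
    if 0 < xlate < 60:
        findings.append("xlate below the 1 minute minimum")
    for kind in ("absolute", "inactivity"):
        # Assumption: xlate 0:0:0 (timeout disabled) is treated as unbounded.
        if xlate and cfg.get("uauth-" + kind, 0) >= xlate:
            findings.append("uauth " + kind + " not shorter than xlate")
    a = cfg.get("uauth-absolute")
    if a == 0:
        findings.append("uauth absolute 0: avoid with passive FTP; HTTPS auth may loop")
    if a == 1:
        findings.append("uauth absolute 1s: unauthenticated same-source-IP window")
    return findings
```
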
Modes
The following table shows the modes in which this feature is available:
Firewall Mode              Security Context
Routed    Transparent      Single    Multiple
                                     Context    System
•         •                •         •          —