Configure Global Timeouts - Cisco ASA Series Configuration Manual

Chapter 16 Connection Settings

Configure Global Timeouts

You can set the global idle timeout durations for the connection and translation slots of various protocols.
If the slot has not been used for the idle time specified, the resource is returned to the free pool. TCP
connection slots are freed approximately 60 seconds after a normal connection close sequence.
Changing the global timeout sets a new default timeout, which in some cases can be overridden for
particular traffic flows through service policies.
Procedure
Use the timeout command to set global timeouts.
Step 1
hostname(config)# timeout feature time
All timeout values are in the format hh:mm:ss, with a maximum duration of 1193:0:0. Use the no
timeout command to reset all timeouts to their default values. If you want to simply reset one timer to
the default, enter the timeout command for that setting with the default value.
Use 0 for the value to disable a timer.
You can configure the following global timeouts.
•
•
•
•
•
•
•
•
•
•
•
timeout conn hh:mm:ss—The idle time after which a connection closes, between 0:5:0 and
1193:0:0. The default is 1 hour (1:0:0).
timeout half-closed hh:mm:ss—The idle time until a TCP half-closed connection closes. The
minimum is 5 minutes. The default is 10 minutes.
timeout udp hh:mm:ss—The idle time until a UDP connection closes. This duration must be at least
1 minute. The default is 2 minutes.
timeout icmp hh:mm:ss—The idle time for ICMP, between 0:0:2 and 1193:0:0. The default is 2
seconds (0:0:2).
timeout sunrpc hh:mm:ss—The idle time until a SunRPC slot is freed. This duration must be at least
1 minute. The default is 10 minutes.
timeout H323 hh:mm:ss—The idle time after which H.245 (TCP) and H.323 (UDP) media
connections close, between 0:0:0 and 1193:0:0. The default is 5 minutes (0:5:0). Because the same
connection flag is set on both H.245 and H.323 media connections, the H.245 (TCP) connection
shares the idle timeout with the H.323 (RTP and RTCP) media connection.
timeout h225 hh:mm:ss—The idle time until an H.225 signaling connection closes. The H.225
default timeout is 1 hour (1:0:0). To close a connection immediately after all calls are cleared, a
value of 1 second (0:0:1) is recommended.
timeout mgcp hh:mm:ss—The idle time after which an MGCP media connection is removed,
between 0:0:0 and 1193:0:0. The default is 5 minutes (0:5:0)
timeout mgcp-pat hh:mm:ss—The absolute interval after which an MGCP PAT translation is
removed, between 0:0:0 and 1193:0:0. The default is 5 minutes (0:5:0). The minimum time is 30
seconds.
timeout sip hh:mm:ss—The idle time until a SIP signaling port connection closes, between 0:5:0
and 1193:0:0. The default is 30 minutes (0:30:0).
timeout sip_media hh:mm:ss—The idle time until an SIP media port connection closes. This
duration must be at least 1 minute. The default is 2 minutes. The SIP media timer is used used for
SIP RTP/RTCP with SIP UDP media packets, instead of the UDP inactivity timeout.
Configure Connection Settings
Cisco ASA Series Firewall CLI Configuration Guide
16-3