Cisco ASA 5505 Configuration Manual page 1056
Asa 5500 series
Hide thumbs
Also See for ASA 5505:
- Getting started manual (168 pages) ,
- Administrator's manual (118 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Configuring Connection Settings
H.225—Modifies the idle time until an H.225 signaling connection closes. The H.225 default
•
timeout is 1 hour (01:00:00). Setting the value of 00:00:00 means never close this connection. To
close this connection immediately after all calls are cleared, a value of 1 second (00:00:01) is
recommended.
MGCP—Modifies the timeout value for MGCP which represents the idle time after which MGCP
•
media ports are closed. The MGCP default timeout is 5 minutes (00:05:00). Enter 0:0:0 to disable
timeout.
MGCP PAT—Modifies the idle time after which an MGCP PAT translation is removed. The default
•
is 5 minutes (00:05:00). The minimum time is 30 seconds. Uncheck the check box to return to the
default value.
•
SUNRPC—Modifies the idle time until a SunRPC slot is freed. This duration must be at least 1
minute. The default is 10 minutes. Enter 0:0:0 to disable timeout.
•
SIP—Modifies the idle time until an SIP signalling port connection closes. This duration must be at
least 5 minutes. The default is 30 minutes.
•
SIP Media—Modifies the idle time until an SIP media port connection closes. This duration must
be at least 1 minute. The default is 2 minutes.
SIP Provisional Media—Modifies the timeout value for SIP provisional media connections, between
•
0:1:0 and 1193:0:0. The default is 2 minutes.
SIP Invite—Modifies the idle time after which pinholes for PROVISIONAL responses and media
•
xlates will be closed. The minimum value is 0:1:0, the maximum value is 0:30:0. The default value
is 0:03:00.
SIP Disconnect—Modifies the idle time after which SIP session is deleted if the 200 OK is not
•
received for a CANCEL or a BYE message. The minimum value is 0:0:1, the maximum value is
0:10:0. The default value is 0:02:00.
•
Authentication absolute—Modifies the duration until the authentication cache times out and you
have to reauthenticate a new connection. This duration must be shorter than the Translation Slot
value. The system waits until you start a new connection to prompt you again. Enter 0:0:0 to disable
caching and reauthenticate on every new connection.
Note
Note
Authentication inactivity—Modifies the idle time until the authentication cache times out and users
•
have to reauthenticate a new connection. This duration must be shorter than the Translation Slot
value.
Translation Slot—Modifies the idle time until a translation slot is freed. This duration must be at
•
least 1 minute. The default is 3 hours. Enter 0:0:0 to disable timeout.
Cisco ASA 5500 Series Configuration Guide using ASDM
48-10
Do not set this value to 0:0:0 if passive FTP is used on the connections.
When Authentication Absolute = 0, HTTPS authentication may not work. If a browser initiates
multiple TCP connections to load a web page after HTTPS authentication, the first connection
is permitted through, but subsequent connections trigger authentication. As a result, users are
continuously presented with an authentication page, even after successful authentication. To
work around this, set the authentication absolute timeout to 1 second. This workaround opens a
1-second window of opportunity that might allow non-authenticated users to go through the
firewall if they are coming from the same source IP address.
Chapter 48
Configuring Connection Settings
OL-20339-01
- Quick Links:
- Starting Asdm
- Downloading the Asdm Launcher
Hide quick links:
Advertisement
Chapters
Table of Contents
