Dead connection detection

teleformix asked on
Software Firewalls, Network Management, Network Security
2 Comments, 1 Solution, 1980 Views
We have a problem.  We just built out a brand new center where we deployed a Cisco ASA 5510 firewall.  The firewall is great.  The problem I have is with an application talking to a database across a policed firewall interface.

webapp  ->  Cisco ASA 5510  ->  informix database server

Basically we have an application sitting in a DMZ that needs to talk to a database on our private network.  After a period of time these connections stop working.  They are valid connections but they still end up timing out (I don't know how active they are, sometimes I would guess not very).  The biggest problem is that to the application these connections appear to be hung and we have to reset the app to recover.

I've read about Cisco's DCD (dead connection detection) and thought this might solve our problem.

Has anyone used this?  Am I crazy for thinking this could be our solution?  Can someone provide some good examples of how to implement this properly?

Here's a snippet of the ACL we are using.  Timeouts are the default - out of the box - settings.

access-list Public_DMZ_access_in line 9 extended permit tcp host <ip_removed>  host <ip_removed>  eq 2020 (hitcnt=42443)
access-list Public_DMZ_access_in line 10 extended permit tcp host <ip_removed>  host <ip_removed>  eq 2020 (hitcnt=137)
access-list Public_DMZ_access_in line 11 extended permit tcp host <ip_removed>  host <ip_removed>  eq 2020 (hitcnt=78)
access-list Public_DMZ_access_in line 12 extended permit tcp host <ip_removed> host <ip_removed>  eq 2020 (hitcnt=3787)
access-list Public_DMZ_access_in line 13 extended permit tcp host <ip_removed>  host <ip_removed>  eq 2020 (hitcnt=766)
access-list Public_DMZ_access_in line 17 extended permit tcp host <ip_removed>  host <ip_removed>  eq 2020 (hitcnt=0)
access-list Public_DMZ_access_in line 18 extended permit tcp host <ip_removed>  host <ip_removed>  eq 2020 (hitcnt=0)
access-list Public_DMZ_access_in line 19 extended permit tcp host <ip_removed>  host <ip_removed>  eq 2020 (hitcnt=430)
access-list Public_DMZ_access_in line 20 extended permit tcp host <ip_removed> host <ip_removed>  eq 2020 (hitcnt=1267)