baggio8
asked on
Procedure to add https timeout in PIX 501
I have a Cisco PIX 501. 6.3(5)
I need to create a https timeout for 1:00:00 to work with iphone activesync in Exchange.
I'm not quite sure how to add this. I'm a novice, so I would want to add any commands through the PDM Command Line Interface. Running config is attached. Thanks experts!
write-20term.txt
I need to create a https timeout for 1:00:00 to work with iphone activesync in Exchange.
I'm not quite sure how to add this. I'm a novice, so I would want to add any commands through the PDM Command Line Interface. Running config is attached. Thanks experts!
write-20term.txt
ASKER
Thank you for your response Istvan, but I'm not sure if you mean I can not configure a command for this. What do you recommend to accomplish what I need to do and how would I do it?
Thanks!
Thanks!
You're going to need to make adjustments in two places for this if your ActiveSync server is behind one of the PIX's NAT translations. First, you're going to need to make sure that the ActiveSync server itself will permit one-hour timeouts. Second, you'll need to configure the connection timeouts for NAT on the PIX with the "timeout conn 1:00:00" configuration command.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
(config)# timeout ?
configure mode commands/options:
conn Configure idle time after which a TCP connection state
will be closed, default is 1:00:00
h225 Configure idle time after which an H.225 signaling
conn will be closed, default is 1:00:00
h323 Configure idle time after which an H.323 control
connection will be closed, default is 0:05:00
half-closed Configure idle time after which a TCP half-closed
connection will be freed, default is 0:10:00
icmp Configure idle timeout for ICMP, default is 0:00:02
mgcp Configure idle time after which an MGCP media
connection will be closed, default is 0:05:00
mgcp-pat Configure the time after which an MGCP PAT Xlate will
be removed, default is 0:05:00
sip Configure idle time after which a SIP control
connection will be closed, default is 0:30:00
sip-disconnect Configure idle timeout after which SIP session is
deleted if 200 OK is not received for a CANCEL or BYE
message, default s 0:02:00
sip-invite Configure idle time after which pinholes for
PROVISIONAL responsesand media xlates will be closed,
default is 0:03:00
sip-provisional-media Configure idle time after which a SIP provisional
Media connection will be closed, default is 0:02:00
sip_media Configure idle time after which a SIP Media connection
will be closed, default is 0:02:00
sunrpc Configure idle time after which a SUNRPC slot will be
closed, default is 0:10:00
uauth Configure idle time after which an authentication will
no longer be cached and the user will need to
re-authenticate on their connection, default is
0:05:00. The default uauth timer is absolute.
udp Configure idle time after which general UDP states
will be closed, default is 0:02:00, This timer does
not apply to DNS or SUNRPC
xlate Configure idle time after which a dynamic address will
be returned to the free pool, default is 3:00:00
there is an example:
http://www.eventid.net/firegen/pixconfig-2004-03-17-220752.html#configuration
BEst regards,
Istvan