RE: IP TCP Intercept question

From: Tarek Sabry (tsabry@xxxxxxxxxxxxxxxxxxx)
Date: Wed Apr 10 2002 - 16:58:41 GMT-3


   
Scott

It seems that what you need is to set the "watch-timeout" and not the
"connection-timeout". The former is defined as the "time allowed to reach
established state". So if the user fails to establish the connection after
this timeout, the router sends a reset to the server to drop the connection.

So the right command (in my humble opinion) would be:

"ip tcp intercept watch-timeout [seconds]"

It sounds misleading to use the "watch" timeout when in "intercept" mode,
but that's what the documentation says!

Let's hear from experts too ....

Tarek

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
scott mann
Sent: Wednesday, April 10, 2002 2:24 PM
To: ccielab@groupstudy.com
Subject: IP TCP Intercept question

Can anyone tell me if using the below command will disconnect the
user/connection or simply cause the router to stop managing (keeping stats
or control of) the user/connection. I want to disconnect the user/connection
after a specific timeout period regardless of his authentication/TCP
status.

"ip tcp intercept connection-timeout [seconds]"

Below is the Cisco Link, but it is not specific.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scddenl.htm

Thanks,
Lab in 2 days.
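
An added example, not part of the original thread: an IOS TCP intercept configuration fragment that sets the two timers discussed above next to each other, so it is clear which one bounds the handshake and which one bounds an idle connection. The access-list number, the protected subnet and the timer values are constructed for illustration.

```ios
! Constructed example: protect servers on 192.0.2.0/24 (documentation prefix).
access-list 101 permit tcp any 192.0.2.0 0.0.0.255
!
! Enable TCP intercept for connections matching the access list.
ip tcp intercept list 101
!
! Watch mode: the router passively watches connection attempts and
! steps in only when one fails to complete. (The default mode is intercept.)
ip tcp intercept mode watch
!
! Time allowed to reach established state. When it expires, the router
! sends a reset to the server for the half-open connection. Default: 30 seconds.
ip tcp intercept watch-timeout 15
!
! Time the software keeps managing a connection after no activity.
! Default: 86400 seconds (24 hours).
ip tcp intercept connection-timeout 3600
!
! Verify from EXEC mode:
!   show tcp intercept connections
!   show tcp intercept statistics
```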



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:04 GMT-3