From: route flap (routeflap@gmail.com)
Date: Thu Sep 14 2006 - 10:41:39 ART
Hi Guys,
While doing IEWB Lab 14 Task 9 I found this question that states:
In the meantime configure R4 to be a proxy for all TCP sessions initiated to
this server. And one of the inner bullets of the task says R4 should send a
reset for any TCP sessions that have not reached the established state after
30 seconds.
The solution is using: ip tcp intercept watch-timeout 30
The book by Richard A. Deal, Cisco Router Firewall Security (ISBN
1-58705-175-3), says:
*** The ip tcp intercept watch-timeout command specifies the maximum length
of time that the router will wait, in watch mode, for a TCP connection to
complete the three-way handshake. This value defaults to 30 seconds. If the
connection is not reached in this time period, the router sends a reset to
the server (destination).
*** When a router with TCP Intercept enabled monitors a connection that is
in the process of being torn down, it expects the connection to be torn down
within 5 seconds, by default, from the receipt of a reset or FIN exchange.
When this time period is reached, the router ceases to manage the
connection. You can change this value with the ip tcp intercept
finrst-timeout command.
Please advise.
-RalF
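
A simplified model of the two watch-mode timers described in the quoted passages, added here as an example; it is not Cisco IOS code and not part of the original post. The `watch` function, the event tuples and the connection labels A to D are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

WATCH_TIMEOUT = 30   # seconds, as in "ip tcp intercept watch-timeout 30"
FINRST_TIMEOUT = 5   # seconds, the finrst-timeout default given in the quoted text

@dataclass
class Conn:
    syn_at: float
    state: str = "half-open"            # half-open -> established -> closing
    closing_at: Optional[float] = None

def watch(events, until, watch_timeout=WATCH_TIMEOUT, finrst_timeout=FINRST_TIMEOUT):
    """Replay (time, conn_id, flag) events; return (actions, still_tracked)."""
    table, actions = {}, []

    def expire(now):
        # Apply both timers to every tracked connection as of time `now`.
        for cid, c in list(table.items()):
            if c.state == "half-open" and now - c.syn_at >= watch_timeout:
                # Handshake not completed in time: reset goes to the server.
                actions.append((c.syn_at + watch_timeout, "RST->server", cid))
                del table[cid]
            elif c.state == "closing" and now - c.closing_at >= finrst_timeout:
                # Teardown window elapsed: the router stops managing the entry.
                actions.append((c.closing_at + finrst_timeout, "stop-tracking", cid))
                del table[cid]

    for t, cid, flag in sorted(events):
        expire(t)
        c = table.get(cid)
        if flag == "SYN" and c is None:
            table[cid] = Conn(syn_at=t)
        elif flag == "ACK" and c is not None and c.state == "half-open":
            c.state = "established"      # three-way handshake completed
        elif flag in ("FIN", "RST") and c is not None:
            c.state, c.closing_at = "closing", t
    expire(until)
    return sorted(actions), sorted(table)

# Constructed sample: A completes and closes, B never completes,
# C completes after 25 s, D sends its final ACK 35 s after the SYN.
SAMPLE_EVENTS = [
    (0, "A", "SYN"), (1, "A", "ACK"), (10, "A", "FIN"),
    (2, "B", "SYN"),
    (20, "C", "SYN"), (45, "C", "ACK"),
    (5, "D", "SYN"), (40, "D", "ACK"),
]

if __name__ == "__main__":
    print(watch(SAMPLE_EVENTS, until=60))
```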