Re: tcp Intercept timers

From: route flap (routeflap@gmail.com)
Date: Thu Sep 14 2006 - 12:45:09 ART


Sabrina,

Maybe I was not clear enough in my last email, but AFAIK the watch-timeout
command only works in TCP Intercept watch mode.
The default is intercept mode, as you know.

thanks
-RalF

On 9/14/06, sabrina pittarel <sabri_esame@yahoo.com> wrote:
>
> I'm sure I'm missing your point.
> The question states that a reset should be sent. That calls for watch
> timeout...Are you referring to the fact that the default is already 30sec?
> Yes you are right:
>
> Rack1R3(config)#ip tcp intercept watch-timeout 30
> Rack1R3(config)#
> Rack1R3#
> Rack1R3#sh run | i watch
> Rack1R3#
>
> It only means that nothing needs to be done for the question
>
> Sabrina
>
> ----- Original Message ----
> From: route flap <routeflap@gmail.com>
> To: Cisco certification <ccielab@groupstudy.com>
> Sent: Thursday, September 14, 2006 6:41:39 AM
> Subject: tcp Intercept timers
>
> Hi Guys,
>
> While doing IEWB Lab 14 Task 9 I found this question that states:
>
> In the meantime configure R4 to be a proxy for all TCP sessions initiated to
> this server. And one of the inner bullets of the task says R4 should send a
> reset for any TCP sessions that have not reached the established state after
> 30 seconds.
>
> The solution is using: ip tcp intercept watch-timeout 30
>
> The Book of Richard A. Deal; Cisco Router Firewall Security ISBN :
> 1-58705-175-3 Says:
>
> *** The ip tcp intercept watch-timeout command specifies the maximum length
> of time that the router will wait, in watch mode, for a TCP connection to
> complete the three-way handshake. This value defaults to 30 seconds. If the
> connection is not reached in this time period, the router sends a reset to
> the server (destination).
>
> *** When a router with TCP Intercept enabled monitors a connection that is
> in the process of being torn down, it expects the connection to be torn down
> within 5 seconds, by default, from the receipt of a reset or FIN exchange.
> When this time period is reached, the router ceases to manage the
> connection. You can change this value with the ip tcp intercept
> finrst-timeout command.
>
> Please advise.
> -RalF
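
The two watch-mode timers described in the quoted book passage, as an added example that is not part of the original thread and not Cisco's implementation: a simplified Python model of when the router resets a half-open session (watch-timeout) and when it stops tracking a closing one (finrst-timeout). The flow names, event kinds and sample events are constructed; intercept (proxy) mode is not modeled.

```python
# Simplified model of TCP Intercept watch mode timers (illustrative only).
WATCH_TIMEOUT = 30   # default of "ip tcp intercept watch-timeout" per the quoted text
FINRST_TIMEOUT = 5   # default of "ip tcp intercept finrst-timeout" per the quoted text

def watch(events, end, watch_timeout=WATCH_TIMEOUT, finrst_timeout=FINRST_TIMEOUT):
    """events: time-ordered (seconds, flow, kind) tuples, where kind is one of
    SYN, ESTABLISHED, FIN, RST. Returns the router's (time, flow, action) list."""
    state = {}     # flow -> (phase, deadline or None)
    actions = []

    def expire(now):
        # Collect every timer that has run out, oldest deadline first.
        due = sorted((d, f, p) for f, (p, d) in state.items()
                     if d is not None and d <= now)
        for deadline, flow, phase in due:
            if phase == "half-open":
                # Handshake did not complete in time: reset the server side.
                actions.append((deadline, flow, "send RST to server"))
            else:
                # Teardown window elapsed: the router forgets the connection.
                actions.append((deadline, flow, "stop managing"))
            del state[flow]

    for t, flow, kind in events:
        expire(t)
        if kind == "SYN":
            state[flow] = ("half-open", t + watch_timeout)
        elif flow in state:                      # ignore flows already dropped
            if kind == "ESTABLISHED":
                state[flow] = ("established", None)
            elif kind in ("FIN", "RST"):
                state[flow] = ("closing", t + finrst_timeout)
    expire(end)
    return actions

# Constructed sample: A completes and closes, B never completes, C completes too late.
SAMPLE = [
    (0, "A", "SYN"), (1, "A", "ESTABLISHED"),
    (2, "B", "SYN"),
    (5, "C", "SYN"),
    (10, "A", "FIN"),
    (40, "C", "ESTABLISHED"),
]

if __name__ == "__main__":
    for action in watch(SAMPLE, end=60):
        print(action)
```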



This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART