From: LEE READE (lee.reade@btinternet.com)
Date: Thu Jul 03 2008 - 07:16:17 ART
HI,
I need to set the tcp idle timeout for a specific tcp stream to 0, due to issues with legacy server.
I have implemented a class-map to match the access-list, which in turn matches the flow, I have then put this into the global_policy policy-map and set the connection tcp 0.
However it doesnt seem to be working, as tcp sessions for the flow are still idleing out.
I have removed and re-applied the policy-map from the global interface, the show commands available are not too good for showing hits, ie per class-map etc. I have verified the acl is being hit, however the hit count does not match the show conn local hit counts, perphaps due to acl logging thresholds.
Class-map TCP
Match access-group TCP
policy-map global_policy
class-map TCP
set connection timeout 0
class inspection_default
Do we need to clear all existing tcp conns for the new settings to take effect? Or is there something else that should be done??
Any advice most welcome! The business is really starting to get itchy for a fix.
Thanks very much!
LR
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:53 ART