Hi Andy,
Thank you very much for the explanation.I am trying to understand the
below highlighted statement,how it notifies the parties that the connection
is terminated,is it by sending some signal (Some thing like RST or ?)
....Kindly help me to understand
"This command specifies how long the cisco IOS waits for a TCP session to be
established (to complete three-way handshake).The default is 30 seconds.If
the three way handshake is not completed by end of this timeout,Cisco IOS
removes the entry from its state table and the dynamic entry in the
ACL(before FAB) and* it notifies both parties that the connection has been
terminated*"
Thanks for the help
Regards
Anantha Subramanian Natarajan
On Sun, Sep 6, 2009 at 9:34 AM, Andy Reid <ccie_at_reid.it> wrote:
> Hi Anantha,
>
> The command "ip inspect tcp finwait-time" is used when waiting for the FIN
> packets (default is 5 seconds).
>
> The "ip inspect tcp synwait-time" is used to protect against half open
> sessions (default is 30 seconds) where the session never becomes fully
> established, and therefore FIN packets are never sent.
>
> regards Andy
>
> Anantha Subramanian Natarajan wrote:
>
>> Hi All,
>>
>> I was going through CBAC and trying to understand the different global
>> settings on the same.One of that was "ip inspect tcp synwait-time".The way
>> in which understood was as stated below(Actually Just pasting the
>> statements)
>>
>>
>> "This command specifies how long the cisco IOS waits for a TCP session to
>> be
>> established (to complete three-way handshake).The default is 30 seconds.If
>> the three way handshake is not completed by end of this timeout,Cisco IOS
>> removes the entry from its state table and the dynamic entry in the
>> ACL(before FAB) and it notifies both parties that the connection has been
>> terminated"
>>
>> In the above I am trying to understood,what kind of notification it
>> provides
>> to both the parties when the timeout as reached ..Is it TCP RST or
>> something
>> different.
>>
>>
>>
>> Kindly let me know
>>
>>
>>
>> Thanks for the help
>>
>>
>>
>> Regards
>>
>> Anantha Subramanian Natarajan
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Sep 06 2009 - 15:31:38 ART
This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:02 ART