Aggressively killing idle sessions
This traffic is being NATed and thus my public IP is bumping into open session limits with a remote party because of this...
Until I can correctly fix the internal issue (not under my control), is there any way I can kill off these sessions faster? When working correctly these sessions only last 15-30s and there are a lot of them, so the 5min idle timeout limit is killing me.
As far as I can tell, changing dead link detection and xlate timeouts will not work since they happen AFTER the TCP idle timeout (minimum 5min).
Any IDEAS? I do have a specific set of source addresses and one specific destination IP and port involved in this issue so making an aggressive change specific to this traffic would be ideal.
Maybe you can use this document to help with this case?
Or had you tried this yet?
You should be able to match certain traffic and apply different timeout rules for that traffic without affecting the global settings
I quickly configured this on my home ASA and this is the output of "show conn long" with one TCP connection to which the new timeout is applied:
TCP WAN:y.y.y.y/443 (y.y.y.y/443) WLAN:10.0.255.20/57598 (x.x.x.x/57598), flags UIO, idle 27s, uptime 28s, timeout 1m0s, bytes 5635
You are able to set the timeout even in seconds. A simple test configuration I used to match ALL traffic (which probably isn't the case in your situation):
set connection timeout idle 0:01:00
Hope this helps
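As an added illustration (not part of the reply above, and not the poster's configuration), here is what the full Modular Policy Framework configuration looks like when the short idle timeout is scoped to exactly the traffic the question describes: a specific set of source addresses going to one destination IP and port. The source subnet 10.0.1.0/24, the destination host 203.0.113.10, the port 443, the 45-second value and all object/class/policy names are constructed placeholders; substitute the real ones. The ACL matches the real (pre-NAT) inside addresses because the policy is applied on the inside interface; the global `timeout conn` value is left untouched, so all other traffic keeps the default idle timeout.

```text
! Constructed example: per-flow idle timeout for one source set -> one destination:port
! Source addresses that open the many short-lived sessions (placeholder subnet)
object-group network SHORT_LIVED_SOURCES
 network-object 10.0.1.0 255.255.255.0
!
! Only this traffic gets the aggressive timeout; everything else keeps the global value
access-list SHORT_LIVED_TCP extended permit tcp object-group SHORT_LIVED_SOURCES host 203.0.113.10 eq 443
!
class-map SHORT_LIVED_TCP_CLASS
 match access-list SHORT_LIVED_TCP
!
policy-map SHORT_LIVED_TCP_POLICY
 class SHORT_LIVED_TCP_CLASS
  ! hh:mm:ss; "reset" sends a TCP RST to both ends when the conn is torn down
  ! so the endpoints also release the session instead of waiting for their own timers
  set connection timeout idle 0:00:45 reset
!
! Only one service-policy may be applied per interface; if a policy-map is already
! applied on "inside", add the class to that existing policy-map instead
service-policy SHORT_LIVED_TCP_POLICY interface inside
!
! Verification (the "timeout" column should show 45s for matching connections only):
!   show service-policy interface inside
!   show conn long
```

Keep the matched set as narrow as the ACL allows; a timeout this short applied to ordinary long-lived flows would tear them down mid-session, and the `reset` keyword makes that visible to the endpoints as connection resets rather than silent drops.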