
Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

2164 pages
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the ASA to Integrate with Cisco TrustSec
Configuring the ASA for Cisco TrustSec Integration
Examples
The following example shows how to set default values for SXP:
hostname(config)# cts sxp enable
hostname(config)# cts sxp default source-ip 192.168.1.100
hostname(config)# cts sxp default password 8 ********
Step 4
Command:
hostname(config)# cts sxp retry period timervalue
Example:
hostname(config)# cts sxp retry period 60
Purpose:
Specifies the default time interval between ASA attempts to set up new SXP connections between SXP peers. The ASA continues to make connection attempts until a successful connection is made. The retry timer is triggered as long as there is one SXP connection on the ASA that is not up.
The timervalue is the number of seconds, in the range of 0 to 64000 seconds. If you specify 0 seconds, the timer never expires and the ASA will not attempt to connect to SXP peers. By default, the timervalue is 120 seconds.
When the retry timer expires, the ASA goes through the connection database and, if the database contains any connections that are off or in a “pending on” state, the ASA restarts the retry timer.
We recommend that you configure the retry timer to a different value from that of its SXP peer devices.

Step 5
Command:
hostname(config)# cts sxp reconciliation period timervalue
Example:
hostname(config)# cts sxp reconciliation period 60
Purpose:
Specifies the value of the default reconcile timer. After an SXP peer terminates its SXP connection, the ASA starts a hold down timer.
If an SXP peer connects while the hold down timer is running, the ASA starts the reconcile timer; then, the ASA updates the SXP mapping database to learn the latest mappings.
When the reconcile timer expires, the ASA scans the SXP mapping database to identify stale mapping entries (entries that were learned in a previous connection session). The ASA marks these connections as obsolete. When the reconcile timer expires, the ASA removes the obsolete entries from the SXP mapping database.
The timervalue is the number of seconds, in the range of 1 to 64000 seconds. By default, the timervalue is 120 seconds.
You cannot specify 0 for the timer because specifying 0 would prevent the reconcile timer from starting. Not allowing the reconcile timer to run would keep stale entries for an undefined time and cause unexpected results from the policy enforcement.
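The following is an added example, not part of the Cisco guide: a Python check that reads the two timer commands from configuration text and reports values that fall outside the ranges above, a retry period of 0, or a retry period equal to that of a peer. The function name, the sample configuration and the peer_retry_periods parameter are assumptions made for illustration.

```python
import re

# (minimum, maximum, default) in seconds, as given in the table above.
LIMITS = {"retry": (0, 64000, 120), "reconciliation": (1, 64000, 120)}

# Accepts a bare config line or one pasted with its "hostname(config)# " prompt.
LINE_RE = re.compile(
    r"^\s*(?:\S+\(config\)#\s*)?cts sxp (retry|reconciliation) period (\S+)\s*$"
)

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
cts sxp enable
cts sxp default source-ip 192.168.1.100
cts sxp retry period 0
cts sxp reconciliation period 60
"""


def audit_sxp_timers(config_text, peer_retry_periods=()):
    """Return (effective, findings) for the SXP timer lines in config_text.

    peer_retry_periods is a hypothetical input: the retry periods, in
    seconds, that are configured on this ASA's SXP peers.
    """
    # Timers with no config line keep the documented default of 120 seconds.
    effective = {name: limits[2] for name, limits in LIMITS.items()}
    findings = []
    for line in config_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        name, raw = match.groups()
        low, high, _default = LIMITS[name]
        if not raw.isdecimal() or not low <= int(raw) <= high:
            # Assumption: an out-of-range value never takes effect.
            findings.append(f"{name}: {raw} is outside {low}-{high} seconds")
            continue
        effective[name] = int(raw)
    if effective["retry"] == 0:
        findings.append("retry: 0 stops the ASA from attempting SXP connections")
    elif effective["retry"] in peer_retry_periods:
        findings.append("retry: same value as an SXP peer; use a different one")
    return effective, findings


if __name__ == "__main__":
    print(audit_sxp_timers(SAMPLE_CONFIG, peer_retry_periods=[120]))
```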
