Cisco ASA Series CLI Configuration Guide
 
Chapter 1: Configuring Connection Settings
Command:
set connection timeout {[embryonic hh:mm:ss] [idle hh:mm:ss [reset]] [half-closed hh:mm:ss] [dcd hh:mm:ss [max_retries]]}

Example:
hostname(config-pmap-c)# set connection timeout idle 2:0:0 embryonic 0:40:0 half-closed 0:20:0 dcd

Purpose:
Sets connection timeouts.

The embryonic hh:mm:ss keyword sets the timeout period until a TCP embryonic (half-open) connection is closed, between 0:0:5 and 1193:00:00. The default is 0:0:30. You can also set this value to 0, which means the connection never times out.

The idle hh:mm:ss keyword sets the idle timeout for all protocols between 0:0:1 and 1193:0:0. The default is 1:0:0. You can also set this value to 0, which means the connection never times out. For TCP traffic, the reset keyword sends a reset to TCP endpoints when the connection times out.

The half-closed hh:mm:ss keyword sets the idle timeout between 0:5:0 and 1193:0:0. The default is 0:10:0. Half-closed connections are not affected by DCD. Also, the ASA does not send a reset when taking down half-closed connections.

The dcd keyword enables DCD. DCD detects a dead connection and allows it to expire, without expiring connections that can still handle traffic. Configure DCD when you want idle but valid connections to persist. After a TCP connection times out, the ASA sends DCD probes to the end hosts to determine the validity of the connection. If one of the end hosts fails to respond after the maximum retries are exhausted, the ASA frees the connection. If both end hosts respond that the connection is valid, the ASA updates the activity timeout to the current time and reschedules the idle timeout accordingly.

The retry interval, given as hh:mm:ss after dcd, sets how long to wait after each unresponsive DCD probe before sending another probe, between 0:0:1 and 24:0:0. The default is 0:0:15. The max_retries value sets the number of consecutive failed retries for DCD before declaring the connection dead. The minimum value is 1 and the maximum value is 255. The default is 5.

The default TCP idle timeout is 1 hour.
The default UDP idle timeout is 2 minutes.
The default ICMP idle timeout is 2 seconds.
The default ESP and HA idle timeout is 30 seconds.
For all other protocols, the default idle timeout is 2 minutes.
To never time out, enter 0:0:0.

You can enter this command all on one line (in any order), or you can enter each attribute as a separate command. The command is combined onto one line in the running configuration.

Note: This command is not available for management traffic.
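
The ranges above can be checked mechanically when reviewing a saved configuration. The following is an added example, not part of the Cisco guide or of any Cisco tool: a small Python check that parses one set connection timeout line (keywords in any order) and reports values outside the documented ranges, as well as 0 settings that leave connections open indefinitely. The function names are hypothetical, and it assumes a bare dcd keyword uses the default retry interval and retry count, as in the example on this page.

```python
import re

H = 3600
# keyword: (min seconds, max seconds, whether the page says 0 is accepted)
RANGES = {
    "embryonic":   (5,      1193 * H, True),
    "idle":        (1,      1193 * H, True),
    "half-closed": (5 * 60, 1193 * H, False),
    "dcd":         (1,      24 * H,   False),  # DCD retry interval
}
TIME = re.compile(r"\d+:\d+:\d+|0")

def to_seconds(text):
    """Convert hh:mm:ss (or a bare 0) to seconds."""
    parts = [int(p) for p in text.split(":")]
    return parts[0] if len(parts) == 1 else parts[0] * H + parts[1] * 60 + parts[2]

def audit(line):
    """Return findings for one 'set connection timeout' line (keywords in any order)."""
    tokens = line.split("#", 1)[-1].split()      # drop a CLI prompt if present
    if tokens[:3] != ["set", "connection", "timeout"]:
        raise ValueError("not a 'set connection timeout' command")
    findings, i = [], 3
    while i < len(tokens):
        kw, i = tokens[i], i + 1
        if kw == "reset":                        # modifier of idle, carries no value
            continue
        if kw not in RANGES:
            findings.append(f"unknown keyword {kw!r}")
            continue
        if i == len(tokens) or not TIME.fullmatch(tokens[i]):
            if kw != "dcd":                      # assumption: bare dcd uses the defaults
                findings.append(f"{kw}: missing hh:mm:ss value")
            continue
        secs, i = to_seconds(tokens[i]), i + 1
        lo, hi, zero_ok = RANGES[kw]
        if secs == 0 and zero_ok:
            findings.append(f"{kw}: 0 means connections never time out")
        elif not lo <= secs <= hi:
            findings.append(f"{kw}: {secs}s outside {lo}-{hi}s")
        if kw == "dcd" and i < len(tokens) and tokens[i].isdigit():
            retries, i = int(tokens[i]), i + 1
            if not 1 <= retries <= 255:
                findings.append(f"dcd: max-retries {retries} outside 1-255")
    return findings

PAGE_EXAMPLE = "hostname(config-pmap-c)# set connection timeout idle 2:0:0 embryonic 0:40:0 half-closed 0:20:0 dcd"
CONSTRUCTED = "set connection timeout embryonic 0 idle 0:0:0 reset half-closed 0:1:0 dcd 0:0:15 300"  # constructed
print(audit(PAGE_EXAMPLE), audit(CONSTRUCTED), sep="\n")
```

A 0 embryonic or idle timeout is valid syntax but is worth flagging in review, because those connections hold a slot in the connection table until they are cleared some other way.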