[c-nsp] ssh server behind pix timeout
Peder at NetworkOblivion
peder at networkoblivion.com
Mon Nov 14 23:16:33 EST 2005
timeout xlate hh:mm:ss
timeout conn hh:mm:ss
The xlate timeout should always be longer than the connection timeout.
I usually go for 4:00:00 for the xlate and 3:00:00 for the conn. I seem
to remember some recent PIX's having a timeout value of 00:05:00 for one
of those two.
Rolf Mendelsohn wrote:
> Hi Kim,
>
> Yes it is the pix. We had this issue years ago. I can't remember exactly what
> solved the problem.
>
> The issue is that the Pix will remove the xlate entry after an hour or 2.( if
> you want to remain connected without typing for 2 hours instead of 30
> minutes).
>
> Or enable keepalives in sshd.
>
> cheers
> /rolf
>
> On Monday 14 November 2005 05:02 pm, Kim Onnel wrote:
>
>>Hello,
>>
>>i have an openbsd ssh server behind a pix, my ssh session timeouts, is it
>>the PIX, any timeout number i should increase ?
>>
>>Regards
>>_______________________________________________
>>cisco-nsp mailing list cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
--
Network stuff you didn't know....
http://www.networkoblivion.com
More information about the cisco-nsp
mailing list