[c-nsp] VTY Lines

Lee ler762 at gmail.com
Mon Apr 20 13:07:27 EDT 2009


Hi Dale,

On 4/19/09, Dale Shaw <dale.shaw+cisco-nsp at gmail.com> wrote:
> Hi Lee,
>
> On Sun, Apr 19, 2009 at 10:53 PM, Lee <ler762 at gmail.com> wrote:
>> What I'd like to know is what extra protection "service
>> tcp-keepalives-in" gives you that the exec-timeout on the VTYs
>> doesn't.
>
> Hmm, I guess it might come in useful if you're accessing the vty line
> via a firewall with particularly aggressive idle TCP session timers?

It probably would. I went at it from the other direction though; set
the keepalive time on my ssh client to 10 minutes.

> Having said that though, it's not like "service tcp-keepalives
> (in|out)" can be tuned. The DocCD is quiet on how often the keepalives
> are sent, too.

I don't remember seeing anything on how often keepalives are sent
either - just that sessions were killed after 5 minutes with no
answer.

> Old thread:
> http://puck.nether.net/pipermail/cisco-nsp/2004-July/011508.html
>  <--- is that you? :-)

Yup, that's me :) Discretion being the better part of valor, etc.,
etc., I use a non-work email address now.

Regards,
Lee

