.jpg "Opportunities, Appliacation, Openings"){kind=small}
.jpg "Hand Job, Blow Job, Job Search, Monster Job"){kind=small}
.jpg "pusat resume, daftar kerja, cari kerja"){kind=small}
.jpg "Project Manager, SOftware Engineer, SAP Consultant"){kind=small}
TCP Intercept connection-timeout timer
Hi,
I am playing with TCP Connection-timeout timer. Topo is as below.
R1 ———— R4 ————— BB1 155.1.146.1 204.12.1.254
R4 does TCP intercept. I am trying to verify the effect of the command “ip tcp intercept connection-timeout”
I am testing TCP intercept connection timeout timer, by telnet from R1 to BB1 and let that connection idle (i.e. I do not type anything once I sucessfully telnet to BB1). R4 should disconnect this idle TCP session within a configurable “connection-timeout” period. But what I see is that it always terminates TCP idle sessions 1 minutes later that it should. For instance, if I configure the connection-timout timer as 1 minute, then idle TCP sessions are terminated after 2 minutes of no activity !
Where does that additional 1 minute come from? Any idea please? Many thanks.
Regards,
Rack1R1#telnet 204.12.1.254 Trying 204.12.1.254 … Open
BB3>
Rack1R4#sh run | in tcp ip tcp synwait-time 300 ip tcp intercept list 199 ip tcp intercept connection-timeout 60 access-list 199 permit tcp any host 204.12.1.254
Rack1R4# *Apr 7 23:12:55.134: INTERCEPT: new connection (155.1.146.1:52825 SYN -> 204.12.1.254:23) *Apr 7 23:12:55.134: INTERCEPT(*): (155.1.146.1:52825 204.12.1.254:23) *Apr 7 23:12:55.138: INTERCEPT(*): (155.1.146.1:52825 SYN -> 204.12.1.254:23) *Apr 7 23:12:55.158: INTERCEPT: 2nd half of connection established (155.1.146.1:52825 204.12.1.254:23) *Apr 7 23:12:55.158: INTERCEPT(*): (155.1.146.1:52825 204.12.1.254:23) *Apr 7 23:14:55.166: INTERCEPT(*): (155.1.146.1:52825 204.12.1.254:23)
Rack1R4#c Enter configuration commands, one per line. End with CNTL/Z. Rack1R4(config)#ip tcp intercept connection-timeout 120 command accepted, interfaces with mls configured might cause inconsistent behavior
Rack1R4# *Apr 7 23:21:52.006: INTERCEPT: new connection (155.1.146.1:29099 SYN -> 204.12.1.254:23) *Apr 7 23:21:52.010: INTERCEPT(*): (155.1.146.1:29099 204.12.1.254:23) *Apr 7 23:21:52.010: INTERCEPT(*): (155.1.146.1:29099 SYN -> 204.12.1.254:23) *Apr 7 23:21:52.034: INTERCEPT: 2nd half of connection established (155.1.146.1:29099 204.12.1.254:23) *Apr 7 23:21:52.034: INTERCEPT(*): (155.1.146.1:29099 204.12.1.254:23) *Apr 7 23:24:52.042: INTERCEPT(*): (155.1.146.1:29099 204.12.1.254:23)
Rack1R4#c Enter configuration commands, one per line. End with CNTL/Z. Rack1R4(config)#ip tcp intercept connection-timeout 150 command accepted, interfaces with mls configured might cause inconsistent behavior
Rack1R4# *Apr 7 23:26:25.934: INTERCEPT: new connection (155.1.146.1:19604 SYN -> 204.12.1.254:23) *Apr 7 23:26:25.934: INTERCEPT(*): (155.1.146.1:19604 204.12.1.254:23) *Apr 7 23:26:25.938: INTERCEPT(*): (155.1.146.1:19604 SYN -> 204.12.1.254:23) *Apr 7 23:26:25.958: INTERCEPT: 2nd half of connection established (155.1.146.1:19604 204.12.1.254:23) *Apr 7 23:26:25.958: INTERCEPT(*): (155.1.146.1:19604 204.12.1.254:23) *Apr 7 23:29:55.970: INTERCEPT(*): (155.1.146.1:19604 204.12.1.254:23)
Blogs and organic groups at http://www.ccie.net
