Folks,
Anyone tried to play with an absolute and inactivity timers in ASA while it
works as Cut through proxy ?
I'm having an interesting situation here.
The user authenticated on ASA via HTTPS and then started SSH session to a
switch behind the firewall. I'm having this SSH session open and seeing the
continuous output from "debug ip icmp" while pinging this switch. Then I logout
the user and can't start a new SSH session to the same switch which is good and
expected. But....
The first SSH session to the switch is still active and it doesn't timeout. I'm
trying to adjust uauth timers on the firewall and see the following:
ASA1(config)# timeout uauth ?
configure mode commands/options:
<0:0:0> - <1193:0:0> Idle time after which an authentication will no longer
be cached and the user will need to re-authenticate on
their connection, default is 0:05:00. The default uauth
timer is absolute.
Does it mean that I can change the default timer from absolute to inactivity ?
How would I make the previous session timeout?
Eugene
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
