1 Reply Latest reply on Feb 16, 2012 2:09 PM by noor

    4305 - ip policy-timeout for different interfaces/policy-classes?

    rold5 New Member

      I have a 4305 configured to route between 2 private LANs and a WAN connection.

      LAN2 contains a TCP service on port 2100 [example]

      Requests from LAN1-->LAN2:2100 need to be allowed fairly long session timeouts.

      However, requests from WAN-->LAN2:2100 should not be allowed to persist for more than a few minutes at most.


      The command 'ip policy-timeout tcp 2100 900' sets the timeout at 15 minutes for ALL port-2100 sessions if I understand it correctly,


      Is there a way to apply a different timeout per-interface or per-policy-class?

      If not, am I correct that the next best alternative is to set STATELESS in the policy-class for LAN1->LAN2?


      Thanks in advance!

        • Re: 4305 - ip policy-timeout for different interfaces/policy-classes?

          @rold5 - You are correct in your understanding. Unfortunately, there is no way to set the policy-timeout on a per-interface or per-policy-class basis. I will have this suggestion added to our "feature request" list so it can be evaluated and possibly implemented in a future release.


          However, you are right in the workaround being to set the allow rule for the LAN1 to LAN2 traffic as stateless.


          Let us know if you have any further questions.