!! Define the traffic that will require the custom timeout

access-list <Match-ACL-Name> extended permit <traffic-to-match>
!! Define the class-map with the match of the ACL above

class-map <Class-Map-Name>
 match access-list <Match-ACL-Name>
!! Define the policy-map to be applied to an interface
!! Note: Only one policy-map can be defined per interface. If you have one already defined for an interface, add the 'class' and settings to the existing policy-map

policy-map <Policy-Map-Name>
 class <Class-Map-Name>
  set connection timeout idle <Timeout-in-HH:MM:SS-Format>
!! Note: Only one policy-map can be defined per interface. If you have one already defined for an interface, the following line is not necessary

service-policy <Policy-Map-Name> interface <interface> 

EXAMPLE CONFIGURATION

access-list SSH-24Hour-ACL extended permit tcp object-group SSH_24Hour_Hosts any eq 22

class-map SSH-24Hour-ClassMap
 match access-list SSH-24Hour-ACL

policy-map inside-policy-map
 class SSH-24Hour-ClassMap
  set connection timeout idle 24:00:00

service-policy inside-policy-map interface inside 

Notes:

  • See documentation for information regarding the interface direction
  • This was designed for versions 8.3+ although it may work on version 8.2

Documentation

Next Post Previous Post