ASA 7.2 - Dead Connection Detection (DCD)

Hello all,

Is somebody is using this new feature with their Cisco ASA device running OS release 7.2? I tried to set it up, but it doesn't seem to work.

Can somebody help me how to setup DCD feature?

Best Regards, Yanick

Reply to
Loading thread data ...

Hi Yanick,

You may wish to investigate Cisco's Configuring Connection Limits and Timeouts.

Dead connection detection(DCD) detects a dead connection and allows it to expire, without expiring connections that can still handle traffic.

If DCD timeout is configured for the class, DCD is enabled for traffic matching that class.

If DCD timeout is not configured, DCD is disabled for the traffic matching that class.

You configure DCD when you want idle, but valid connections to persist.

When you enable DCD, idle timeout behavior changes.

With idle timeout, DCD probes are sent to each of the two end-hosts to determine the validity of the connection.

If an end-host fails to respond after probes are sent at the configured intervals, the connection is freed, and reset values, if configured, are sent to each of the end-hosts.

If both end-hosts response that the connection is valid, the activity timeout is updated to the current time and the idle timeout is rescheduled accordingly.

To set the timeout for connections, embryonic connections (half-opened), half-closed connections, and dead connection detection, enter the following command:

hostname(config-pmap-c)# set connection timeout {tcp [reset]] [half-close ] [embryonic ] [dcd [ [max-retries]]]}

where the half-close and tcp values are a time between 0:5:0 and

1192:59:59, in hh:mm:ss format.

The default for half-close is 0:10:0 and the default for tcp is 1:0:0.

You can also set these values to 0, which means the connection never times out.

The embryonic is a time between 0:0:5 and 1192:59:59, in hh:mm:ss format. The default is 0:0:30.

You can also set this value to 0, which means the connection never times out.

The dcd is a time duration in format to wait between each unresponsive DCD probe.

The minimal value is 1 second, and the maximum value is 24 hours. The default value is 15 seconds.

The dcd is the number of consecutive failed retries before declaring the connection as dead.

The minimum value is 1 and the maximum value is 255, and the default is

  1. You can enter this command all on one line (in any order), or you can enter each attribute as a separate command.

The command is combined onto one line in the running configuration.

formatting link
Hope this helps.

Brad Reese BradReese.Com - Cisco Repair

formatting link
Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant BradReese.Com - Cisco Power Supply Headquarters
formatting link

Reply to
www.BradReese.Com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.