How to modify SSH/HTTP/Telnet time out in Cisco ASA firewall?

By default tcp idle timeout is 1:0:0 hh:mm:ss. If in case you need to modify it you can do it by MPF (Modular Policy Framework). Let us setup a custom timeout when traffic is coming from particular host 10.77.241.129.

!— Match the traffic using the access-list —!

object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq ssh
port-object eq telnet

access-list outside_mpc extended permit tcp host 10.77.241.129 <source ip> any object-group DM_INLINE_TCP_1

!— Define the class map Cisco-class –!

class-map Cisco-class
match access-list outside_mpc

!— Call this class-map into policy map and set the connection reset after 10 min when traffic is coming from particular host —!

policy-map Cisco-policy
class Cisco-class
set connection timeout idle 0:10:00 reset

!— Apply the policy-map Cisco-policy on the interface. —!

service-policy Cisco-policy interface outside

If you need to modify the tcp timeout session globally across the device you use do it using command. All the time is in hh:mm:ss format.

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02