File transfer over Site-to-Site IPSec VPN.

From: Amr Masoud <amr.eng_at_gmail.com>
Date: Sat, 12 Dec 2009 12:21:17 +0300

Dears,

I am facing a strange problem with transferring files (HTTP or FTP or
Windows SMB) between two sites linked with an IPSec tunnel over the Internet. One
side is a Juniper Netscreen FW, the other side is a Cisco ASA FW. The tunnel is up
all the time, and ping with 1400 byte length is working fine over the tunnel.
When transferring large files over the tunnel, it starts fine, then at a random
amount of transfer it stops and hangs and can't continue unless I restart
the download or upload session again, although ping is continuously working
fine and is never cut.
I know, at first glance, it seems to be an MTU issue. I thought that too, and I
applied the recommendations from Cisco in this link:
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K17526466

sysopt connection tcpmss 1300
  (http://www.cisco.com/en/US/customer/docs/security/pix/pix62/command/reference/s.html#wp1026942)
crypto ipsec df-bit clear
  (http://www.cisco.com/en/US/customer/docs/ios/12_3t/secur/command/reference/sec_c2gt.html#wp1205874)

I even reduced the MTU on the file server itself to 1300 bytes and disabled
PMTU Discovery on the server, but unfortunately the problem still exists :(

I opened a case with Cisco, and they recommended that I increase the crypto map
security association lifetime, and I made it 24 hours:

crypto map outside_map1 1 set security-association lifetime seconds 86400

But unfortunately the same problem still exists :( :(

Has anybody faced a problem like this?

Regards,

Amr Masoud

Received on Sat Dec 12 2009 - 12:21:17 ART
