Hi!
Which version of ASA code do you run?
Cheers,
A.
Amr Masoud wrote:
> Dears,
>
> I am facing a strange problem with transferring files ( HTTP or FTP or
> Windows SMB) between two sites linked with IPSec tunnel over Internet. One
> side is Juniper Netscreen FW, the other side is Cisco ASA FW. Tunnel is up
> all the time, Ping with 1400 byte length is working fine over the tunnel.
> When transferring large files over the tunnel is starts fine, then at random
> amount of transfer it stops and hangs and can't continue unless restarting
> the download or upload session again.although Ping is continously working
> filne and never cut.
> I know, from the first glance, it seems MTU issue, I thought that and I did
> those recomendations from cisco in this link*
> http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K17526466*
>
> *sysopt connection
> tcpmss<http://www.cisco.com/en/US/customer/docs/security/pix/pix62/command/reference/s.html#wp1026942>1300
> **
> crypto ipsec df-bit
> clear<http://www.cisco.com/en/US/customer/docs/ios/12_3t/secur/command/reference/sec_c2gt.html#wp1205874>
> *
>
> Even I reduced the MTU on the Fille server itself to 1300 bytes and disabled
> PMTUDiscovery on the server, But Unfortunately problem still exist :(
>
> I opened case with Cisco, and they recommended me to increase the cryptp map
> security association lifetime, and I made it 24 hours
>
> crypto map outside_map1 1 set security-association lifetime seconds 86400
>
>
> But Unfortunately the same problem still exist :( :(
>
>
> Has anybody faced a problem like this ?
>
>
> Regards,
>
> Amr Masoud
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sat Dec 12 2009 - 20:40:30 ART
This archive was generated by hypermail 2.2.0 : Sat Jan 02 2010 - 11:11:08 ART