RE: File transfer over Site-to-Site IPSec VPN. from Deepak Sinha on 2009-12-13 (Ccielab archives 12/2009)

From: Deepak Sinha <dpk.sinha_at_gmail.com>
Date: Sun, 13 Dec 2009 14:06:58 +0530

I am working for a large project for Media company. I had same problem a few
days back at our one of the site in Canada. We sorted the issue by
restarting the CP Secure Box behind the Firewall, PIX515E.

Regards
Deepak

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Alexei Monastyrnyi
Sent: 12 December 2009 15:11
To: Amr Masoud
Cc: Cisco certification
Subject: Re: File transfer over Site-to-Site IPSec VPN.

Hi!

Which version of ASA code do you run?

Cheers,
A.

Amr Masoud wrote:
> Dears,
>
> I am facing a strange problem with transferring files ( HTTP or FTP or
> Windows SMB) between two sites linked with IPSec tunnel over Internet. One
> side is Juniper Netscreen FW, the other side is Cisco ASA FW. Tunnel is up
> all the time, Ping with 1400 byte length is working fine over the tunnel.
> When transferring large files over the tunnel is starts fine, then at
random
> amount of transfer it stops and hangs and can't continue unless restarting
> the download or upload session again.although Ping is continously working
> filne and never cut.
> I know, from the first glance, it seems MTU issue, I thought that and I
did
> those recomendations from cisco in this link*
>
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K17526466*
>
> *sysopt connection
>
tcpmss<http://www.cisco.com/en/US/customer/docs/security/pix/pix62/command/r
eference/s.html#wp1026942>1300
> **
> crypto ipsec df-bit
>
clear<http://www.cisco.com/en/US/customer/docs/ios/12_3t/secur/command/refer
ence/sec_c2gt.html#wp1205874>
> *
>
> Even I reduced the MTU on the Fille server itself to 1300 bytes and
disabled
> PMTUDiscovery on the server, But Unfortunately problem still exist :(
>
> I opened case with Cisco, and they recommended me to increase the cryptp
map
> security association lifetime, and I made it 24 hours
>
> crypto map outside_map1 1 set security-association lifetime seconds 86400
>
>
> But Unfortunately the same problem still exist :( :(
>
>
> Has anybody faced a problem like this ?
>
>
> Regards,
>
> Amr Masoud
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Dec 13 2009 - 14:06:58 ART

This archive was generated by hypermail 2.2.0 : Sat Jan 02 2010 - 11:11:08 ART