FTP upload issues using ASA5520...

Discussion in 'Cisco' started by cjhoser, Feb 1, 2008.

  1. cjhoser

    cjhoser

    Joined:
    Feb 1, 2008
    Messages:
    1
    Hello,

    I have been getting very puzzling ftp upload timeouts sporadically for some time now. I am using an ASA5520 7.2(1). I am using an app server to upload files approximately 120 megs in size (using passive FTP) to a number of servers spread across the country. What keeps happening (with only certain servers) is the files will stall out somewhere around 20 - 60 megs and eventually cause a timeout (I've tried also using multiple FTP clients to manually upload as well).

    A wiretrace reveals a large number of Duplicate ACKs just before the eventual failure of the transfer.

    The weird part: The first time this started happening, I fixed the problem by giving the sending computer a static public IP using one to one NAT (i.e. 192.168.1.x -> 64.60.XX.XXX). After this, uploads were able to finish without issue.

    Recently, the problem started again, causing all uploads to this particular server (the same exact file was able to be uploaded to another server in another location) to time out again. After much fiddling with NIC settings, cables, etc., the only solution was to revert this machine back to using PAT, removing the static NAT rule.

    Now transfers are again working. However, I need to know WHY this would solve the issue! I spoke to a Cisco ASA tech who could not come up with any reason why this would be the case. The first fix, he said, might make sense only if the ASA was unable to handle all of the PAT translations, but we only have approx. 100 machines using PAT with this ASA5520, well within what it should be able to handle...

    Anyone know what could be going on here? My only thinking is that there must be some router/firewall/switch/device somewhere between our network and the FTP server (east coast) that might be causing the issue...

    Thanks for any aid here.
     
    cjhoser, Feb 1, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. janfdg76@gmail.com
    Replies:
    1
    Views:
    702
    janfdg76@gmail.com
    Feb 18, 2007
  2. mrolen@gmail.com
    Replies:
    2
    Views:
    994
    Its me Earnest T.
    Aug 18, 2007
  3. persepolis77

    ASA5520 VPN Client cannot ping Internet

    persepolis77, Aug 1, 2008, in forum: Cisco
    Replies:
    0
    Views:
    551
    persepolis77
    Aug 1, 2008
  4. Roberto Bazzano

    Show real ip in ASA5520 log

    Roberto Bazzano, Nov 26, 2008, in forum: Cisco
    Replies:
    4
    Views:
    1,676
    Techno_Guy
    Dec 2, 2008
  5. RC
    Replies:
    2
    Views:
    2,118
Loading...

Share This Page