Re: PIX 515E dropping existing TCP connections

Discussion in 'Cisco' started by Walter Roberson, Oct 23, 2008.

  1. In article <>,
    Jim Faulkner <> wrote:
    >I recently took over administration of a PIX 515E. I think I have a good
    >understanding of networking and VPNs, however I've never dealt with Cisco
    >devices before, so please forgive me if I use any incorrect terminology
    >or ask any silly questions.


    >The problem we're having is that the PIX seems to drop connections that
    >use more than a tiny bit of bandwidth. I have a workstation on a public
    >network, and VPN to the PIX to access a private network. I believe that
    >this is called "split tunneling."


    >When the VPN is connected, I can SSH to hosts on the private network.
    >This works fine for simple command line sessions. However, when I try to
    >copy files over SSH (using scp) to the hosts on the private network, the
    >PIX drops the connection after transferring just a few kilobytes.


    I have sometimes seen this if Path MTU Detection is not permitted. The
    simple commands often only require packets of less than maximum size;
    higher bandwidth corresponds to greater probability that you will
    attempt to pass a maximum size packet. If Path MTU Detection is not
    permitted then that may fail because of the extra overhead required
    for encapsulation. There is a related command having to do with
    tcp mss adjustment that should be enabled.


    >When the
    >connection is dropped, I see the following message in the PIX's log:
    >302015: Built inbound TCP connection 45281 for outside:10.100.3.116/54568
    >(10.100.3.116/54568) to inside: 10.100.14.2/22 (10.100.14.2/22)
    >110001: No route to 128.36.236.149 from 128.36.236.114


    I have seen something like that if the VPN address pool is the
    same as the internal IP address range.
     
    Walter Roberson, Oct 23, 2008
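
The two causes suggested in the reply above can be checked numerically. The following is an added example, not part of the original thread: it computes how much ESP tunnel-mode encapsulation adds to a packet, the TCP MSS that keeps encapsulated packets within the path MTU, and whether a VPN address pool overlaps the inside network. Assumptions: IPv4, ESP tunnel mode with a CBC cipher and a 96-bit HMAC, a 1500-byte path MTU, and constructed subnets (the thread states neither the transform set nor the masks).

```python
import ipaddress

# Per-packet ESP tunnel-mode costs in bytes (standard header sizes).
OUTER_IP, ESP_HDR, ESP_TRAILER, ICV_96 = 20, 8, 2, 12
NAT_T_UDP = 8        # extra UDP header when NAT traversal is in use
INNER_IP_TCP = 40    # inner IPv4 + TCP headers, no options
CIPHERS = {"3des": (8, 8), "aes-cbc": (16, 16)}  # name -> (IV bytes, block bytes)


def encapsulated_size(inner_len, cipher, nat_t=False):
    """Size on the wire of an inner IP packet after ESP tunnel encapsulation."""
    iv, block = CIPHERS[cipher]
    # Packet + 2-byte trailer is padded up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv + padded + ICV_96


def max_inner_packet(path_mtu, cipher, nat_t=False):
    """Largest cleartext IP packet that still fits in path_mtu once encapsulated."""
    iv, block = CIPHERS[cipher]
    room = path_mtu - OUTER_IP - ESP_HDR - iv - ICV_96 - (NAT_T_UDP if nat_t else 0)
    return (room // block) * block - ESP_TRAILER


def safe_mss(path_mtu, cipher, nat_t=False):
    """TCP MSS to clamp to so that full-size segments never exceed path_mtu."""
    return max_inner_packet(path_mtu, cipher, nat_t) - INNER_IP_TCP


def pool_overlaps(vpn_pool, inside_net):
    """True when VPN client addresses fall inside the internal range."""
    return ipaddress.ip_network(vpn_pool).overlaps(ipaddress.ip_network(inside_net))


if __name__ == "__main__":
    mtu = 1500  # assumed path MTU
    for cipher in CIPHERS:
        # A small interactive SSH packet fits; a full-size scp packet does not.
        print(f"{cipher}: 100-byte packet -> {encapsulated_size(100, cipher)} bytes, "
              f"1500-byte packet -> {encapsulated_size(1500, cipher)} bytes, "
              f"clamp MSS to <= {safe_mss(mtu, cipher)}")
    # Constructed subnets for illustration only.
    print("pool overlaps inside:", pool_overlaps("10.100.3.0/24", "10.100.0.0/16"))
```

On PIX the MSS clamp is set with `sysopt connection tcpmss`; the value should not exceed the figure computed for the transform set actually in use.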