bigfooter
asked on
CISCO ASA 5520, FTP Timeouts
We have recently moved to an ASA 5520 and finding that our FTP connections are timing out when downloading large files.
I can use the ASDM and the CLI but cannot find anything definitive to increase the time out for FTP connections...
Any help is much appreciated!
Thanks
BF
I can use the ASDM and the CLI but cannot find anything definitive to increase the time out for FTP connections...
Any help is much appreciated!
Thanks
BF
Ramakrishna Prabhu
What policies have been enabled currently? Can you paste the configuration?
ASKER
Hi
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
: end
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
: end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
On the external interface? Will this not clip the bandwidth? We have 400 users on a 1Gig line
>> Will this not clip the bandwidth?
NO, it only affects packet fragmentation
PL
NO, it only affects packet fragmentation
PL
ASKER
Ok thanks
mtu management 1500
mtu Inside 1500
mtu Outside 1300
All done. how does this affect timeouts for FTP? Cheers
mtu management 1500
mtu Inside 1500
mtu Outside 1300
All done. how does this affect timeouts for FTP? Cheers
ASKER
Thanks
if there is a router between your ASA and the FTP server that drops packets with a large packet size then this behaviour occurs.
You can test with higher MTU values like 1400, 1410, etc. so see which value works without problems.
I suggest you look for the highest possible value.
You can test with higher MTU values like 1400, 1410, etc. so see which value works without problems.
I suggest you look for the highest possible value.
ASKER
Thanks I will tweak until I hit the sweet spot.