• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 863
  • Last Modified:

CISCO ASA 5520, FTP Timeouts

We have recently moved to an ASA 5520 and finding that our FTP connections are timing out when downloading large files.

I can use the ASDM and the CLI but cannot find anything definitive to increase the time out for FTP connections...

Any help is much appreciated!

Thanks
BF
0
bigfooter
Asked:
bigfooter
1 Solution
 
Ramakrishna PrabhuNetwork EngineerCommented:
What policies have been enabled currently? Can you paste the configuration?
0
 
bigfooterAuthor Commented:
Hi

policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous

: end
0
 
Henk van AchterbergSr. Technical ConsultantCommented:
can you lower the MTU to 1300 (just to test) on the WAN interface?
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
bigfooterAuthor Commented:
On the external interface? Will this not clip the bandwidth? We have 400 users on a 1Gig line
0
 
Pete LongTechnical ConsultantCommented:
>> Will this not clip the bandwidth?

NO, it only affects packet fragmentation

PL
0
 
bigfooterAuthor Commented:
Ok thanks

mtu management 1500
mtu Inside 1500
mtu Outside 1300

All done. how does this affect timeouts for FTP? Cheers
0
 
bigfooterAuthor Commented:
Thanks
0
 
Henk van AchterbergSr. Technical ConsultantCommented:
if there is a router between your ASA and the FTP server that drops packets with a large packet size then this behaviour occurs.

You can test with higher MTU values like 1400, 1410, etc. so see which value works without problems.

I suggest you look for the highest possible value.
0
 
bigfooterAuthor Commented:
Thanks I will tweak until I hit the sweet spot.
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now