SFTP transfer fails to server behind Cisco Firewall

Unanswered Question
Jun 11th, 2008

Hi All,

We are observing a peculiar problem: when the client-end engineers try to upload any file to one of our IBM AIX boxes behind the firewall, the upload stalls (fails after 20-50%) after a while. When we move the server out of the firewall DMZ, the transfers are successful.

To give a brief about the connectivity: we have a site-to-site VPN between two parties, and at our end we have the Cisco VPN Concentrator 3030. The servers are placed behind a Cisco firewall in the DMZ area.

Is this something to do with the OS on the firewall? Can anybody help me out in troubleshooting this issue? I tried a sniffer, and it seems a lot of retransmissions are occurring.

I believe since the site-to-site VPN is provided 2Mbps Internet, when we put the server behind the firewall, it's not able to negotiate the window size properly and tries utilizing the whole 2Mbps and eventually drops the connection after a lot of retransmissions due to congestion. When we put the server out of the firewall DMZ, it negotiates the window size as well as makes the window size increase/decrease depending upon the availability of bandwidth.

Please let me know if my assumption is wrong, and it would be great if anybody can provide more insight and troubleshooting steps.



dcarlton Tue, 06/17/2008 - 08:43

What is the MTU set on the end station or the ftp server? Try dropping your MTU to 1380 on the server if you can.

