SYN timeout connecting to a server through the VPN


Hello,

I have a very odd problem. When connected to the VPN, I can connect to all my servers without problem on any services. On a single server, when I try to connect to Windows shares, it doesn't work. My event log shows nothing on the client or on the server but I get this from the ASA:

10-20-2008 20:54:45 Local4.Info 192.168.1.1 %ASA-6-302014: Teardown TCP connection 288013 for outside:192.168.2.1/1566 to inside:192.168.1.9/445 duration 0:00:30 bytes 0 SYN Timeout (user)

At home I'm on 192.168.50.xx, the LAN at work is 192.168.1.xx and the VPN range is 192.168.2.xx.

Any ideas?

ER

ajagadee Mon, 10/20/2008 - 18:58

Hello ER,

From the problem description, it looks like a routing issue, because you are not seeing the 3-way TCP handshake.

What is the default gateway on the server with IP address 192.168.1.9? Is the default gateway pointing to the ASA or a different device? If the default gateway is pointing to a different device, does this server know that it needs to route the packets destined to 192.168.2.x back to the ASA?

Regards,

Arul

** Please rate all helpful posts **
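
Added example, not part of the thread: a small parser for `%ASA-6-302014` teardown lines that lists the inside services whose every logged connection ended as a zero-byte `SYN Timeout`, which helps separate a single unreachable host or port from a tunnel-wide problem. The first sample line is the one quoted in the question; the other three are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Field layout of the 302014 teardown message as it appears in the thread.
# The optional user field after each address is not handled (assumption).
TEARDOWN_RE = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.*?))?(?: \((?P<user>[^)]*)\))?\s*$"
)

def parse_teardown(line):
    """Return the fields of a 302014 line as a dict, or None for other messages."""
    m = TEARDOWN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec

def summarize(lines):
    """Per (dst_ip, dst_port): count zero-byte SYN timeouts vs. all other teardowns."""
    stats = {}
    for line in lines:
        rec = parse_teardown(line)
        if rec is None:
            continue
        never_answered = rec["reason"] == "SYN Timeout" and rec["bytes"] == 0
        key = (rec["dst_ip"], rec["dst_port"])
        stats.setdefault(key, Counter())["syn_timeout" if never_answered else "other"] += 1
    return stats

def unanswered_services(lines):
    """Destinations where no logged connection ever completed the handshake."""
    return sorted(k for k, c in summarize(lines).items()
                  if c["syn_timeout"] and not c["other"])

SAMPLE = [
    # Line quoted in the original post.
    "10-20-2008 20:54:45 Local4.Info 192.168.1.1 %ASA-6-302014: Teardown TCP connection 288013 for outside:192.168.2.1/1566 to inside:192.168.1.9/445 duration 0:00:30 bytes 0 SYN Timeout (user)",
    # Constructed lines: RDP to the same server, SMB to another server, a retry.
    "10-20-2008 20:55:10 Local4.Info 192.168.1.1 %ASA-6-302014: Teardown TCP connection 288020 for outside:192.168.2.1/1570 to inside:192.168.1.9/3389 duration 0:01:12 bytes 48211 TCP FINs (user)",
    "10-20-2008 20:55:31 Local4.Info 192.168.1.1 %ASA-6-302014: Teardown TCP connection 288031 for outside:192.168.2.1/1574 to inside:192.168.1.10/445 duration 0:00:08 bytes 9120 TCP FINs (user)",
    "10-20-2008 20:56:02 Local4.Info 192.168.1.1 %ASA-6-302014: Teardown TCP connection 288044 for outside:192.168.2.1/1581 to inside:192.168.1.9/445 duration 0:00:30 bytes 0 SYN Timeout (user)",
]

if __name__ == "__main__":
    for ip, port in unanswered_services(SAMPLE):
        print(f"{ip}:{port} never completed a handshake")
```
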

ajagadee Tue, 10/21/2008 - 06:15

Hello ER,

Thanks for the confirmation. If everything is configured correctly and the issue is only across the VPN Tunnel, your symptoms closely match Bug ID CSCsf23145.

Please refer to the release notes for details:

http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn722.html

CSCsf23145

Unable to complete large uploads through VPN if packet loss occurs

Please use the below URL to look up the bug id and the version that has the fix.

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

Let me know if it helps.

Regards,

Arul

** Please rate all helpful posts **

Hello,

I'm running the 7.2(4) software.

I can connect to the server using remote desktop but if I do \\192.168.1.9 it says: "No provider has accepted the given network path".

I looked at the MTU locally using ping 192.168.1.9 -f -l and only 1272 will work. That means my network is using an MTU of 1300?

Is it set on the switches? They're Cisco 2960.

Also, on my ASA the MTU is set to 1500 for all interfaces, could that cause problems?

I'm puzzled because I can connect to the rest of the servers...

ER
