FTP Issue - Urgent

Unanswered Question
Oct 8th, 2009


All of a sudden I can't upload files via ftp over IPSec Tunnel between HQ & Branches, any bigger than 8192 bytes. When I try to upload them, it jams when it's uploaded 8192 bytes of the file. Also, if a file is smaller than 8192 byte the upload finish correctlyt. When I also upload in the LAN files bogger than 8192 byte, the upload finish correctly. The endpoints are Cisco 3845 and Cisco 2811. There are "ip mtu 1400" & "ip tcp adjust-mss 1360" commands configured in Tunnel interfaces in both ends.

How I can confirm that there is no any network issue, for this phenomenon? Any help would be appreciated.

Thanks in advance!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hammy1982 Thu, 10/08/2009 - 01:24

do you have any firewall?

Maybe the firewall does not support mtu path discovery because icmp is blocked?

Sounds like such a Problem. small files upload correctly, larger files uplaod to a specific value and than the bandwidth collapses.

you could try to set up some tests (connect Laptop to both routers (new interface) and test your Path (otherwise you cannot locate your problem (if it's a WAN or LAN issue))

jgtheodor Thu, 10/08/2009 - 01:38


There is no any firewall between two endpoints. All the other traffic flow well, except FTP files over 8192 bytes. There in no path mtu discovery on routers, because of the relevant commands in Tunnel interfaces. I have already tested if there is any fragmentation issue with extended ping and the DF bit and everything seems works fine.

hammy1982 Thu, 10/08/2009 - 01:52

do the endpoint hosts log?

can you tcpdump on the end hosts?

can you set up a test with 2 other endpoints?

You have to figure out if it is a WAN, LAN or Host problem.

you can try to mirror your Ports on the edge devices (monitor session) and analyse it step-by-step (when sure, that WAN isn't the Problem)

jgtheodor Thu, 10/08/2009 - 02:05


I have just captured with ethereal the relevant TCP flow, and as I can see there is a TCP Check Sum Incorrect message. I will try to figure out what is going on,

jgtheodor Thu, 10/08/2009 - 02:33


I am sending you the relevant tcpdump file from an FTP traffic flow. I am trying to GET a file bigger than 8192 bytes and the transfer is completed with file truncated in 8192 bytes. Could you please take a look and write any suggestion? The FTP Server IP Address is (branch) and the IP Address is the FTP Client Address (HQ).



This Discussion