ASA 5510 - File Uploading Problem

Unanswered Question
Jun 15th, 2010
User Badges:

First, I want to admit my limited knowedge about the Cisco device and the process I'm going to describe.  I have been working on this issue on and off for weeks with no resolution so any help would be greatly appreciated.


After installing the ASA 5510 this winter, the teachers at my school have been unable to upload certain lectures that they recorded in class to YouTube.  Further research showed that the files that were getting denied were all over 100 MB.  We searched through the ASDM and found a reference to 100 MB limit under the Trend-Micro config page --> FTP --> FTP Scanning -->Large File Handling; however, we set the system up to allow files larger than 100 MB through and not be scanned.  My understanding is that the device shouldn't be stopping the download so we're stumped.


Any insight is welcome.  Thank you for your time.


Keegan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Panos Kampanakis Tue, 06/15/2010 - 15:46
User Badges:
  • Cisco Employee,

If the problem is with FTP files make sure you have the "Deliver" option for large files under the FTP and also that you have the "Deferred Scanning" checkbox checked.

Do the same if it is with http under the HTTP > Scanning Section for large files. And that under HTTP > File Blocking the Audio/Video files are not blocked.


I hope it helps.


PK

buzzstryker Tue, 06/15/2010 - 16:23
User Badges:

Thank you for the reply.  After checking the settings, the only change I needed to make was enabling the deferred settings under HTTP Large File Handling.  I also verified that there is no file blocking enabled.  Unfortunately, when I tested an upload to YouTube, the same issue occurred - 121MB file stopped at 89% = approximately 100MB.


I appreciate your assistance.


Keegan

Panos Kampanakis Tue, 06/15/2010 - 20:34
User Badges:
  • Cisco Employee,

I doubt it is CSC related.Can you completely disable HTTP Scanning and see if that fixes the issue? Or exclude tha tip from being scanned for http?

If it is not CSC related you need to focus on the network.


PK

buzzstryker Thu, 06/17/2010 - 09:12
User Badges:

I apologize.  I thought I had already gone through that process in the past but I did go back to disable the HTTP scanning, as well as some other options, and the issue still exists.


Our network is 95% Cisco products.  Do you have any idea where else I might want to look?


Thank you again for your time.

Panos Kampanakis Thu, 06/17/2010 - 12:25
User Badges:
  • Cisco Employee,

You need to check the 5% of your network


I would try to narrow down what device introduces it. Start from the ASA. Try disabling the CSC and run tests. Then try without the ASA in the path. If it is the ASA I would suggest taking captures.

then you can move upwards to narrow down what device introduces it.


I hope it helps.


PK

buzzstryker Thu, 06/17/2010 - 12:27
User Badges:

Thta's great.  Appreciate you sharing your knowledge.

buzzstryker Fri, 06/18/2010 - 15:12
User Badges:

PK,


After looking back at my notes, I decided to run a few additional tests this afternoon:


1)  With no changes I tried to upload a 120 MB file to YouTube.  The file stopped at 100 MB - The set limit for large file handling.

2)  Next, I changes the large file handling limit to 50 MB and tried the same test.  The file stopped at 50 MB.

3)  Finally, I disabled HTTP scanning and tried the upload.  The file stopped at 50 MB.


I tried several variation and had the same results:  Regardless if HTTP scanning is on or off, the large file handling limit stopped the file from completing.  I hope this shines a little more light on the problem.  I 've also attached a screen shot of the HTTP scanning page for reference.


Thank you for your help.

Panos Kampanakis Mon, 06/21/2010 - 05:40
User Badges:
  • Cisco Employee,

IT is probably not related to the CSC.

Keep the CSC turned off and use Ethereal, Wireshark or other packet capture software on the host that is downloading. You want to see why the connection is dropped and who resets it. It would help if you also had a hub and sniffed packet on the outside of the ASA also. That way you would capture the transfer in and out of it and you would see who closes the conn.

And then you could see if the ASA introduces it or if you should focus on other parts of the network..


Also check if the ASA is doing http inspection and disable it to see if it helps.


PK

buzzstryker Wed, 06/30/2010 - 09:41
User Badges:

Just wanted to give you an update.  Working with Cisco right now.  They made an exception to bypass the CSC when sending to the YouTube servers but that is a short term fix.  We are now looking at the real problem.  Should have more soon.

Actions

This Discussion

Related Content