We have a small office (15 users) protected by an ASA 5505 running 8.2(5). The problem we are having is downloading large files from to Office 365 (really SharePoint in MS cloud). They get interrupted and the connection is dropped.
I have looked into this and it seems the problem concerns the TCP Window scaling or autotuninglevel and its support by upstream routers from the user. If I open an elevated Command prompt on my machine and execute the following the large files download fine through the ASA
netsh int tcp set global autotuninglevel=disabled
Putting it back to the default setting again will cause the file to not download
netsh int tcp set global autotuninglevel=nomal.
Also if I swap out the ASA 5505 using a consumer router/FW I have no problems with the larger files.
Question, is there a way to activate windows scaling on the ASA which my consumer router/FW seems to support? Will upgrading to a higher software version of the ASA help? I am using 8.2(5)? I am hoping this is a fairly common problem but I can’t seem to find an easy solution online. Thanks so much -Bob
I have exactly the same problem on an ASA 5505 with 8.2(1). I believe it is a bug but not having a current contract prevents me from being able to upgrade the firewall. I found the following references to the problem and the workarounds do work but it should ideally be fixed on the firewall.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...