
New Member

ASA 5510 - strange three way handshakes

Hi all. We have the following situation happening on the DMZ of our ASA 5510. We first caught the problem when one of the users notified us that transfer of files from a server in the DMZ starts OK but slows down to a crawl. We have tested the claim and have found the same thing happening. Sometimes the transfer goes OK, sometimes it goes to a crawl (beneath 40k) and sometimes it slows down a bit but finishes in time. This mostly happens with large files.

We have further viewed the tcpdump from both sides (from the server side on the DMZ and from a host just before the ASA). Sometimes we see on the server side ACKs that come in triplicate, and the server side seems to send packets in a random order. The problem only happens on the server side, as the tcpdump from the host side seems OK.

We believe the problem is ASA related but we don't know what could be causing it. Any ideas?

18 REPLIES

Re: ASA 5510 - strange three way handshakes

try to setup "speed" "duplex" manually...

New Member

Re: ASA 5510 - strange three way handshakes

It's already setup like that.

Re: ASA 5510 - strange three way handshakes

Can you please post the output of the following

show asp drop

show interface (after sanitizing the IPs)

Regards

Farrukh

New Member

Re: ASA 5510 - strange three way handshakes

The outputs are in attachments.

Re: ASA 5510 - strange three way handshakes

I'm afraid you will have to do the following before capturing these commands:

clear asp drop

clear interface

then initiate this slow transfer, once you finish issue the show commands previously mentioned.

Regards

Farrukh

New Member

Re: ASA 5510 - strange three way handshakes

OK. I entered the clear commands and have issued show asp drop and show interface over a period of time as you can see in the attachments.

Re: ASA 5510 - strange three way handshakes

You certainly have a lot of TCP-related errors. This does not seem to be normal for such a short interval (after the clear asp drop). Duplex seems to be OK as there are no real errors (except a few overruns on the inside interface). You could try to make a tcp-map matching on your application flow and try to allow the following:

access-list tcpmaplist permit ip host host
access-list tcpmaplist permit ip host host
class-map slowbw-classmap
match access-list tcpmaplist
tcp-map netpro-map
exceed-mss allow
invalid-ack allow
queue-limit 250 timeout 20
window-variation allow
policy-map global_policy
class slowbw-classmap
set connection advanced-options netpro-map

Regards

Farrukh

New Member

Re: ASA 5510 - strange three way handshakes

Can you enable logging and check the TCP session? You should see "torn down" immediately; otherwise you should allow the MSS option in the ASA.

Farrukh bhai, what's your opinion about this?

Re: ASA 5510 - strange three way handshakes

A better option would be to use:

capture capture_name type asp-drop all

And then see if this concerned traffic is included in the capture file.

Regards

Farrukh

New Member

Re: ASA 5510 - strange three way handshakes

I'll try the capture suggestion and I'll see what I get. I'll keep you posted.

New Member

Re: ASA 5510 - strange three way handshakes

I did a capture as suggested. I get the following messages when I enter the show capture command.

547: 16:17:12.634748 x.x.x.x.80 > y.y.y.y.35167: . 1399302031:1399303399(1368) ack 332783732 win 46
548: 16:17:12.634763 x.x.x.x.80 > y.y.y.y.35167: . 1399303399:1399303935(536) ack 332783732 win 46
549: 16:17:12.634763 x.x.x.x.80 > y.y.y.y.35167: . 1399303935:1399305303(1368) ack 332783732 win 46
550: 16:17:12.634778 x.x.x.x.80 > y.y.y.y.35167: . 1399305303:1399306135(832) ack 332783732 win 46
551: 16:17:12.634778 x.x.x.x.80 > y.y.y.y.35167: . 1399306135:1399307503(1368) ack 332783732 win 46

X.X.X.X being the server in the DMZ and Y.Y.Y.Y being the host on the inside. Any thoughts?
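A small analyser for the capture format shown above, added here as an illustration and not part of the thread or of any Cisco tool. It parses `show capture` lines of the form seen in the post (record number, timestamp, `src.port > dst.port`, flags, `seq:seq_end(len)`, `ack`, `win`), tracks the expected next sequence number per flow, and reports gaps, late segments that fill an earlier gap (out-of-order delivery), retransmissions, duplicate ACKs, and the mix of segment sizes. The five records from the post are used as-is; records 552 to 557 are constructed for the demonstration and are not from the original capture.

```python
import re
from collections import defaultdict

# Format of one `show capture` line as shown in the thread, e.g.
#   547: 16:17:12.634748 x.x.x.x.80 > y.y.y.y.35167: . 1399302031:1399303399(1368) ack 332783732 win 46
LINE_RE = re.compile(
    r"^(?P<num>\d+):\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\S+?)\.(?P<sport>\d+)\s+>\s+(?P<dst>\S+?)\.(?P<dport>\d+):\s+"
    r"(?P<flags>\S+)"
    r"(?:\s+(?P<seq>\d+):(?P<seq_end>\d+)\((?P<length>\d+)\))?"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
    r"(?:\s+win\s+(?P<win>\d+))?"
)

# Records 547-551 are from the post; 552-557 are constructed sample data.
SAMPLE = """\
547: 16:17:12.634748 x.x.x.x.80 > y.y.y.y.35167: . 1399302031:1399303399(1368) ack 332783732 win 46
548: 16:17:12.634763 x.x.x.x.80 > y.y.y.y.35167: . 1399303399:1399303935(536) ack 332783732 win 46
549: 16:17:12.634763 x.x.x.x.80 > y.y.y.y.35167: . 1399303935:1399305303(1368) ack 332783732 win 46
550: 16:17:12.634778 x.x.x.x.80 > y.y.y.y.35167: . 1399305303:1399306135(832) ack 332783732 win 46
551: 16:17:12.634778 x.x.x.x.80 > y.y.y.y.35167: . 1399306135:1399307503(1368) ack 332783732 win 46
552: 16:17:12.634801 x.x.x.x.80 > y.y.y.y.35167: . 1399308871:1399310239(1368) ack 332783732 win 46
553: 16:17:12.634812 x.x.x.x.80 > y.y.y.y.35167: . 1399307503:1399308871(1368) ack 332783732 win 46
554: 16:17:12.640101 y.y.y.y.35167 > x.x.x.x.80: . ack 1399303399 win 2048
555: 16:17:12.640115 y.y.y.y.35167 > x.x.x.x.80: . ack 1399303399 win 2048
556: 16:17:12.640122 y.y.y.y.35167 > x.x.x.x.80: . ack 1399303399 win 2048
557: 16:17:12.641003 x.x.x.x.80 > y.y.y.y.35167: . 1399303399:1399303935(536) ack 332783732 win 46
"""


def parse_line(line):
    """Return a dict of the record's fields, or None if the line is not a capture record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    num = lambda k: int(d[k]) if d[k] is not None else None
    return {
        "num": num("num"), "ts": d["ts"],
        "src": d["src"], "sport": num("sport"),
        "dst": d["dst"], "dport": num("dport"),
        "flags": d["flags"],
        "seq": num("seq"), "seq_end": num("seq_end"),
        "length": num("length") or 0,
        "ack": num("ack"), "win": num("win"),
    }


def analyze(lines):
    """Walk the records in capture order and classify sequence-number anomalies per flow."""
    expected = {}             # flow -> next sequence number we expect to see
    gaps = defaultdict(list)  # flow -> [(start, end)] byte ranges skipped over
    last_ack = {}             # flow -> ack number of the previous pure ACK
    report = {"gaps": [], "out_of_order": [], "retransmissions": [],
              "dup_acks": [], "segment_sizes": defaultdict(int)}
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        flow = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["length"] > 0:
            seq, end = p["seq"], p["seq_end"]
            report["segment_sizes"][p["length"]] += 1
            exp = expected.get(flow)
            if exp is None or seq == exp:
                expected[flow] = end                      # in order
            elif seq > exp:
                gaps[flow].append((exp, seq))             # bytes skipped: loss or reordering
                report["gaps"].append((p["num"], exp, seq))
                expected[flow] = end
            else:
                # seq < exp: a late segment filling a known gap, or a retransmission
                filled = next((g for g in gaps[flow] if g[0] <= seq and end <= g[1]), None)
                if filled:
                    gaps[flow].remove(filled)
                    if filled[0] < seq:
                        gaps[flow].append((filled[0], seq))
                    if end < filled[1]:
                        gaps[flow].append((end, filled[1]))
                    report["out_of_order"].append((p["num"], seq, end))
                else:
                    report["retransmissions"].append((p["num"], seq, end))
        elif p["ack"] is not None:
            if last_ack.get(flow) == p["ack"]:
                report["dup_acks"].append((p["num"], p["ack"]))  # same ack repeated
            last_ack[flow] = p["ack"]
    return report


if __name__ == "__main__":
    r = analyze(SAMPLE.splitlines())
    for key in ("gaps", "out_of_order", "retransmissions", "dup_acks"):
        print(f"{key}: {r[key]}")
    print("segment sizes:", dict(r["segment_sizes"]))
```

Run against a full `show capture` dump, the counts give a quick picture of how much reordering and retransmission the ASA sees on the flow, which is the question the thread is circling around before any tcp-map change is made.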

Re: ASA 5510 - strange three way handshakes

Did you try the following?:

access-list tcpmaplist permit ip host host
access-list tcpmaplist permit ip host host
class-map slowbw-classmap
match access-list tcpmaplist
tcp-map netpro-map
exceed-mss allow
invalid-ack allow
queue-limit 250 timeout 20
window-variation allow
policy-map global_policy
class slowbw-classmap
set connection advanced-options netpro-map

Regards

Farrukh

New Member

Re: ASA 5510 - strange three way handshakes

Hi. Sorry for the late reply but I had an emergency to resolve since I last wrote. I also have some new information. Our server admin told us that the problem might be in sliding windows when traffic goes over the ASA. He put a static window size of 2 on the server and he achieved respectable speeds.

I will try the solution you suggested as I think the window-variation allow part will help a lot.

One question though, as I'm a bit new to policies on the ASA. Will this solution affect any other part of the global policy? I have some other things configured in the global policy and wouldn't want to nullify them, so I want to be sure.

Re: ASA 5510 - strange three way handshakes

No, it will not, because you will be using an ACL to restrict these actions to these hosts only.

Regards

Farrukh

New Member

Re: ASA 5510 - strange three way handshakes

I was asking because later, if the problem is solved, I will have to modify the access list to apply the changes to other ranges, VPN clients and so on.

New Member

Re: ASA 5510 - strange three way handshakes

Just tested the configuration with our server admin and we haven't seen an improvement. The transfer seems a bit more dynamic (we see a good transfer speed, then it drops to some silly values, then rises and so on) but there are still a lot of speed drops, with speeds beneath 10 kbits.

Also, I didn't see the option under tcp-map for invalid-ack allow and the ASA won't accept the command.

Re: ASA 5510 - strange three way handshakes

New Member

Re: ASA 5510 - strange three way handshakes

I have version 8.0(3) on my ASA and I don't see it in the command reference for the 8.0 version on the Cisco site.
