Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA drop upload session

Hi, I have asa with policy map below when ever anybody wants to upload large file it drops after some time, since i have multiple services i exclude ip of upload server from access-list and then evrything works normally i want to add and fine tune the below policy map


tcp-map tcp-NORM_Map
  check-retransmission
  checksum-verification
  exceed-mss drop
  queue-limit 5 timeout 3
  syn-data drop
  window-variation drop-connection


policy-map CONNS_policy
class CONNS_Class
  set connection conn-max 1500 embryonic-conn-max 200 per-client-max 10 per-client-embryonic-max 15
  set connection timeout embryonic 0:00:45 half-closed 0:05:00 tcp 0:10:00 reset dcd 0:00:20 3
  set connection advanced-options tcp-NORM_Map

1 REPLY
Super Bronze

Re: ASA drop upload session

Hi,

Have you gathered any firewalls logs or traffic capture data from the dropped connections?

Are you sure that the TCP Map setting of "window-variation drop-connection" is not doing this to your connections? If this setting simply refers to a situation where the window size is changed and because of that dropped I would imagine large transfers will get dropped as I imagine the window size changed during the transfer.

Does the command "show service-policy" provide any information?

- Jouni

230
Views
0
Helpful
1
Replies
CreatePlease login to create content