I've run into a weird problem. I have an ASA5505 with a very slow Internet connection that acts as an EasyVPN client. I want to upgrade the software image on it but given the speed of the Internet connection, it's going to take about 2 hours. Every time I try to upload the new image to flash, it stops after 1 hour. I guess it's because of the SSH session idle timeout value which is set to 60 minutes (max). Is there any way I can fix this problem? Thanks.
If the firewall is local to you, I would suggest you downloading the file to a local computer (may be download it outside of your network) and then uploading it to the firewall from the local PC. That is much better compared to trying to load it via internet.
As far as slow connection is concerned, is it due to your ISP or do you think it is due to the firewall itself? If you think it is due to the firewall itself, you might want to check the output of "show asp drop" to see if there are any drops due to MSS exceed or Out-of-order packets. If yes, please try the following:
Thanks for the reply. After a few unsuccessful attempts to upload the new image, I decided to switch to some other SSH client since I noticed the uploading stopped when Putty tried to renegotiate the current SSH session. So after switching to SecureCRT, everything went without a hitch.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...