Cisco Support Community
New Member

SFTP transfer fails to server behind Cisco Firewall

Hi All,

We are observing a peculiar problem: when the client-end engineers try to upload any file to one of our IBM AIX boxes behind the firewall, the upload stalls (fails after 20-50%) after a while. When we move the server out of the firewall DMZ, the transfers are successful.

To give a brief about the connectivity: we have a site-to-site VPN between two parties, and at our end we have the Cisco VPN concentrator 3030. The servers are placed behind a Cisco firewall in the DMZ area.

Is this something to do with the OS on the firewall? Can anybody help me out in troubleshooting this issue? I tried a sniffer, and it seems a lot of retransmissions are occurring.

I believe that since the site-to-site VPN is provided over 2 Mbps Internet, when we put the server behind the firewall, it's not able to negotiate the window size properly and tries utilizing the whole 2 Mbps, and eventually drops the connection after a lot of retransmissions due to congestion. When we put the server out of the firewall DMZ, it negotiates the window size as well as makes the window size increase/decrease depending upon the availability of bandwidth.

Please let me know if my assumption is wrong, and it would be great if anybody can provide more insight and troubleshooting steps.

Thanks

Arabinda

2 REPLIES
Bronze

Re: SFTP transfer fails to server behind Cisco Firewall

Check the configuration of the firewall, as this happens only when the firewall is present.

Refer to the "CISCO IOS Firewall Troubleshoot and Alerts" page at the following URL for more information:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/tsd_products_support_troubleshoot_and_alerts.html

New Member

Re: SFTP transfer fails to server behind Cisco Firewall

What is the MTU set on the end station or the ftp server? Try dropping your MTU to 1380 on the server if you can.
