Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
703
Views
0
Helpful
2
Replies

SFTP transfer fails to server behind Cisco Firewall

arabinda.sukla
Level 1
Level 1

‎06-11-2008 12:03 AM - edited ‎03-11-2019 05:57 AM

Hi All,

We are observing a peculiar problem, where the client end engineers when they try to upload any file to one of our IBM AIX box, behind the firewall, the upload stalls (fails after 20-50%), after a while. when we move the server out of the firewall DMZ, the transfers are successful.

To give a brief about the connectivity. We have a site-to-site vpn between two parties and at our end we have the Cisco VPN concntrator 3030. The servers are are placed behind a behind a Cisco firewall in the DMZ area.

Is this something to do with the OS on the firewall? Can anybody help me out in trobelshooting this issue. I tried some sniffer, and it seems lot of retransmission occuring.

I beleive since site-to-site vpn is provided 2Mbps Internet, when we put the Server behind the firewall, its not able to negotiate the window size properly and tries utilizing whole 2mbps and eventually drops the connection after lot of re-transmissions due to congestion. While we put the server out of the firewall DMZ, it negotiates the window size as wells as makes the window size increase/decrease depending upon the availability of bandwidth.

Please let me know if my assumption is wrong and wold be great if anybody can provide more insight and troubleshooting steps.

Thanks

Arabinda

Labels:
0 Helpful
2 Replies 2

hadbou
Level 5
Level 5

‎06-17-2008 06:30 AM

Check the configuration of the firewall as this happens only when firewall is present.

Refer the "CISCO IOS Firewall Troubleshoot and Alerts" page present in the following url for more information:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/tsd_products_support_troubleshoot_and_alerts.html

0 Helpful

dcarlton
Level 1
Level 1

‎06-17-2008 08:43 AM

What is the MTU set on the end station or the ftp server? Try dropping your MTU to 1380 on the server if you can.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card