Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
238
Views
0
Helpful
1
Replies

Dropped TCP connnections through RA VPN

rchilcote
Level 1
Level 1

‎11-05-2006 08:12 AM

I'm having problems with dropped connections to protected servers through an ASA5510 with V7.2.1 code and Cisco VPN client 4.7. When I try to connect to a protected server through the VPN using VNC it usually disconnects the VNC app and other times gives me incomplete screen refreshes and then freezes. Terminal services to the same servers works fine.

This also happens when I telnet to an internal switch and do a show tech on the switch. Sometimes the output from the switch completely stops and other times it shows unreadable characters. Once this happens I can disconnect from the telnet session and immediately telnet to it again.

It seems to have to do with the size of the packets and maybe it's the MTU size issue, but I've done this before through a PIX running 6.3 without a problem without changing the MTU sizes. Also, the ASA has a pre-fragmentation setting which seems to allow the ASA to rewrite the DF bit in a packet to allow the packets to be fragmented before sending it through the VPN tunnel even if the end device sets the packets DF bit. The ASA connects to a high speed (5M+5M) metro internet connection, which is different from other sites I connect to. I'm not sure if that's related or not.

Any ideas would be appreciated. Thanks

Bob

Labels:
0 Helpful
1 Reply 1

rchilcote
Level 1
Level 1

‎11-05-2006 11:57 AM

UPDATE

Since no one has responded yet I decided to post an update....

I've been troubleshooting this issue and I think I found the source of the problem. The default inspection rules were still in place on all interfaces. The default settings are applied to all interfaces. I tried to apply them to the outside interface only, but this didn't fix the problem. As soon as I removed the class-map from all interfaces, everything works great.

I guess I need to read up on these inpection rules.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents