topic ASA drop upload session in Network Security https://community.cisco.com/t5/network-security/asa-drop-upload-session/m-p/2371185#M271265 <P>Hi, I have asa with policy map below when ever anybody wants to upload large file it drops after some time, since i have multiple services i exclude ip of upload server from access-list and then evrything works normally i want to add and fine tune the below policy map</P><P></P><P></P><P><BR />tcp-map tcp-NORM_Map<BR />&nbsp; check-retransmission <BR />&nbsp; checksum-verification <BR />&nbsp; exceed-mss drop<BR />&nbsp; queue-limit 5 timeout 3<BR />&nbsp; syn-data drop<BR />&nbsp; window-variation drop-connection</P><P><BR />policy-map CONNS_policy<BR />class CONNS_Class<BR />&nbsp; set connection conn-max 1500 embryonic-conn-max 200 per-client-max 10 per-client-embryonic-max 15 <BR />&nbsp; set connection timeout embryonic 0:00:45 half-closed 0:05:00 tcp 0:10:00 reset dcd 0:00:20 3 <BR />&nbsp; set connection advanced-options tcp-NORM_Map</P> Tue, 12 Mar 2019 03:32:12 GMT alkabeer80 2019-03-12T03:32:12Z ASA drop upload session https://community.cisco.com/t5/network-security/asa-drop-upload-session/m-p/2371185#M271265 <P>Hi, I have asa with policy map below when ever anybody wants to upload large file it drops after some time, since i have multiple services i exclude ip of upload server from access-list and then evrything works normally i want to add and fine tune the below policy map</P><P></P><P></P><P><BR />tcp-map tcp-NORM_Map<BR />&nbsp; check-retransmission <BR />&nbsp; checksum-verification <BR />&nbsp; exceed-mss drop<BR />&nbsp; queue-limit 5 timeout 3<BR />&nbsp; syn-data drop<BR />&nbsp; window-variation drop-connection</P><P><BR />policy-map CONNS_policy<BR />class CONNS_Class<BR />&nbsp; set connection conn-max 1500 embryonic-conn-max 200 per-client-max 10 per-client-embryonic-max 15 <BR />&nbsp; set connection timeout embryonic 0:00:45 half-closed 0:05:00 tcp 0:10:00 reset dcd 0:00:20 3 <BR />&nbsp; set connection advanced-options tcp-NORM_Map</P> Tue, 12 Mar 2019 03:32:12 GMT https://community.cisco.com/t5/network-security/asa-drop-upload-session/m-p/2371185#M271265 alkabeer80 2019-03-12T03:32:12Z Re: ASA drop upload session https://community.cisco.com/t5/network-security/asa-drop-upload-session/m-p/2371186#M271266 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Have you gathered any firewalls logs or traffic capture data from the dropped connections?</P><P></P><P>Are you sure that the TCP Map setting of <STRONG>"window-variation drop-connection"</STRONG> is not doing this to your connections? If this setting simply refers to a situation where the window size is changed and because of that dropped I would imagine large transfers will get dropped as I imagine the window size changed during the transfer.</P><P></P><P>Does the command<STRONG> "show service-policy"</STRONG> provide any information?</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 20 Jan 2014 10:20:12 GMT https://community.cisco.com/t5/network-security/asa-drop-upload-session/m-p/2371186#M271266 Jouni Forss 2014-01-20T10:20:12Z