https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351264#M751273 <HTML><HEAD></HEAD><BODY><P>Also check forthe following</P><P></P><P>1. Any filter rules configured on ASA.</P><P></P><P>2. If you have any SSM modules check for alerts (means AIP, CSC).</P><P></P><P>3. Fragmentation issue, check you have permitted ICMP unreachable message on ASA, otherwise it will casue PMTUD (path mtu discovery)process to fail.</P><P></P><P>Dileep</P></BODY></HTML> Tue, 12 Jan 2010 04:56:11 GMT Dileep Sivadas Padmini 2010-01-12T04:56:11Z https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351261#M751256 <P>I can connect and browse the subfolders but when ever I try to download anything<SPAN style="background-color: #f8fafd;"> IE 7 just hangs. I am behind a ASA 5510. when I try to download the same file from my home PC it starts the download right away, which is why I think its my firewall. What do I need on the firewall to allow the download?</SPAN></P> Mon, 11 Mar 2019 16:55:56 GMT https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351261#M751256 kencranmer 2019-03-11T16:55:56Z https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351262#M751262 <HTML><HEAD></HEAD><BODY><P>Try to check your Inspect Policy on your ASA.&nbsp; make sure that inspect ftp is in there.&nbsp; I hope this helps.</P><P></P><P></P><P>Russell</P></BODY></HTML> Mon, 11 Jan 2010 22:26:10 GMT https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351262#M751262 rmanapat 2010-01-11T22:26:10Z https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351263#M751266 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Few things we need to consider about SLOW downloads from your FTP server (which I ASSUME is out on the internet) for clients behind the firewall.</P><P>Was any s/w upgrade or h/w change done to the box when you noticed such a behavior ?</P><P>Since you are able to connect to the FTP site, most probably&nbsp; it will have nothing to do with your inspect FTP command on the box.</P><P>What you need to do is to setup captures on the box for interesting traffic and then analyse it using wireshark network analyser, to check for :</P><P></P><P>Increased MSS sizes being used for TCP transmission across the ASA. By default ASA has MSS of 1380 bytes, so if any greater segment sizes are coming to the ASA, then it will have to break them up into several PDU's which would mean a lot of reassembling will be done. This could slow down downloads.</P><P></P><P>Increased TCP MSS segments can be allowed on ASA, using advaced TCP options in MPF.</P><P></P><P>Check the asp drop counters on firewall to check for o-o-o packets (out of order) and try to increase the queue-limit for allowing such kinds of packets and montior if that helps.</P><P></P><P>Bottom line, best way to troubleshoot latency issues for downloads are packet captures. Here is a&nbsp; link to help you setup captures</P><P></P><P><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-1222">https://supportforums.cisco.com/docs/DOC-1222</A></P><P></P><P>HTH</P><P></P><P>Vijaya</P></BODY></HTML> Tue, 12 Jan 2010 04:32:20 GMT https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351263#M751266 vilaxmi 2010-01-12T04:32:20Z https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351264#M751273 <HTML><HEAD></HEAD><BODY><P>Also check forthe following</P><P></P><P>1. Any filter rules configured on ASA.</P><P></P><P>2. If you have any SSM modules check for alerts (means AIP, CSC).</P><P></P><P>3. Fragmentation issue, check you have permitted ICMP unreachable message on ASA, otherwise it will casue PMTUD (path mtu discovery)process to fail.</P><P></P><P>Dileep</P></BODY></HTML> Tue, 12 Jan 2010 04:56:11 GMT https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351264#M751273 Dileep Sivadas Padmini 2010-01-12T04:56:11Z https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351265#M751294 <HTML><HEAD></HEAD><BODY><P>Turns out to be a problem with CSC. Waiting for a tech specialized in this area to look into</P><P>it for me. Thanks for the advice!</P></BODY></HTML> Tue, 12 Jan 2010 15:48:34 GMT https://community.cisco.com/t5/network-security/cannot-download-from-ftp-site/m-p/1351265#M751294 kencranmer 2010-01-12T15:48:34Z