
v3.3.1 - system diagnostic on ASA fails with session disconnected

mattwoida
Level 1

Upgraded to v3.3.1.  SSH connection to ASA (5545 ver 9.3(3)7) works fine.  Unused Policy tool works most of the time without session disconnect (although I have seen this once already).  Running the System Diagnostic tool results in session disconnect every time.  I have tokens available so I am assuming the tool should run and complete without issue.  Any thoughts/ideas .... ?


John Bollier
Cisco Employee

Hi Matt,

Can you try connecting to another ASA that is similar in software/model version within another portion of your network to see if the problem follows? Please run the same tools a few times. I tested in our lab and was unable to duplicate. Also, if you can, please ping both ASAs and share the latency for comparison purposes.

Thanks,

John

John,

I have three 5540 (ver 9.1(6)11).  One worked (ran system diagnostics without session disconnect) fine without issue, second needed a second attempt as the first was a session disconnect.  The 3rd completed after 3 or 4 attempts.  The original (5545) still will not complete a run.

5540_1:

Ping statistics for 10.50.98.41:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

5540_2:


Ping statistics for 10.50.98.42:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 4ms, Average = 4ms

5540_3:

Ping statistics for 10.50.98.43:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 4ms, Average = 4ms

5545: (less than 1ms)

Ping statistics for 10.10.99.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Also, What is your connection path to your ASA? Is it direct connect or are you going through a comm server? Also, are you on Windows?

When connecting to ASA versions previous to 9.5.2(2) from the Windows client, we've seen rare occurrences where a disconnect can occur when a lot of data is flowing from the ASA. This may be due to the Windows TCP buffer being overrun. A "TCP zero window" occurs and consequently a TCP RST occurs and the session terminates. Note the CLI Analyzer consumes data slower than other applications.
The above is assuming it's not a network connectivity issue.

kevwilso,

Windows direct connect - no comm server.  Four ASAs tested are running versions previous to 9.5.  Wireshark error for TCP window size full "Expert Info (Warning/Sequence): TCP window specified by the receiver is now completely full".  Packet capture confirms ASA sends a TCP RST.  Do you know of a workaround for this issue (other than ASA upgrade)?  I assume equivalent is to do the 'file analysis' instead of using the system diag tool?

You may be able to adjust/increase your TCP Window Size using the below instructions:

https://www.experts-exchange.com/questions/28353794/How-TCP-IP-Sliding-Window-is-configured-on-Win7-hosts.html

Note when they mention HKLM in the article, they really mean "HKEY_LOCAL_MACHINE".
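
The sequence diagnosed in this thread (the client advertises a zero TCP window, then the ASA sends a RST) can be checked for programmatically in a capture. The Python below is an added example, not part of the original posts or of CLI Analyzer; the addresses, ports and packet list are constructed sample data, and the function names are hypothetical.

```python
import struct

RST, PSH, ACK = 0x04, 0x08, 0x10

def tcp_header(sport, dport, seq, ack, flags, window):
    """Build a minimal 20-byte TCP header (checksum 0) for the constructed sample."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)

def parse_tcp(raw):
    """Extract the ports, flags and advertised window from a raw TCP header."""
    sport, dport, _seq, _ack, _off, flags, window = struct.unpack("!HHIIBBH", raw[:16])
    return sport, dport, flags, window

def find_zero_window_resets(packets):
    """packets: (src_ip, dst_ip, raw_tcp_header) tuples in capture order.
    Returns (receiver, peer) pairs where receiver was still advertising a
    zero window when peer reset the connection."""
    stalled = set()  # (receiver, peer) pairs whose latest advertised window is 0
    hits = []
    for src, dst, raw in packets:
        sport, dport, flags, window = parse_tcp(raw)
        sender, target = (src, sport), (dst, dport)
        if flags & RST:  # checked first: RST segments usually carry window 0 themselves
            if (target, sender) in stalled:
                hits.append((target, sender))
            stalled.discard((target, sender))
            stalled.discard((sender, target))
        elif window == 0:
            stalled.add((sender, target))
        else:
            stalled.discard((sender, target))  # window reopened before any RST
    return hits

# Constructed sample: ASA SSH endpoint and a Windows client (documentation addresses).
ASA, PC = "192.0.2.1", "192.0.2.10"
SAMPLE = [
    (ASA, PC, tcp_header(22, 50122, 1000, 1, PSH | ACK, 32768)),
    (PC, ASA, tcp_header(50122, 22, 1, 2460, ACK, 1024)),   # buffer nearly full
    (ASA, PC, tcp_header(22, 50122, 2460, 1, PSH | ACK, 32768)),
    (PC, ASA, tcp_header(50122, 22, 1, 3484, ACK, 0)),      # zero window
    (ASA, PC, tcp_header(22, 50122, 3484, 1, RST, 0)),      # ASA resets the session
    (PC, ASA, tcp_header(50200, 22, 1, 500, ACK, 0)),       # second flow stalls...
    (PC, ASA, tcp_header(50200, 22, 1, 500, ACK, 8192)),    # ...then recovers
    (ASA, PC, tcp_header(22, 50200, 500, 1, RST, 0)),       # unrelated reset, not flagged
]

if __name__ == "__main__":
    for receiver, peer in find_zero_window_resets(SAMPLE):
        print(f"{receiver} advertised a zero window, then {peer} sent RST")
```
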