04-20-2017 08:32 AM
Upgraded to v3.3.1. SSH connection to ASA (5545 ver 9.3(3)7) works fine. Unused Policy tool works most of the time without session disconnect (although I have seen this once already). Running the System Diagnostic tool results in session disconnect every time. I have tokens available so I am assuming the tool should run and complete without issue. Any thoughts/ideas .... ?
Solved! Go to Solution.
04-20-2017 10:38 AM
04-20-2017 09:50 AM
Hi Matt,
Can you try connecting to another ASA that is similar in software/model version within another portion of your network to see if the problem follows? Please run the same tools a few times.I tested in our lab and unable to duplicate. Also if you can please ping both ASA's and share the latency for comparison purposes.
Thanks,
John
04-20-2017 10:37 AM
John,
I have three 5540 (ver 9.1(6)11). One worked (ran system diagnostics without session disconnect) fine without issue, second needed a second attempt as the first was a session disconnect. The 3rd completed after 3 or 4 attempts. The original (5545) still will not complete a run.
5540_1:
Ping statistics for 10.50.98.41:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
5540_2:
Ping statistics for 10.50.98.42:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 4ms, Average = 4ms
5540_3:
Ping statistics for 10.50.98.43:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 4ms, Average = 4ms
5545: (less then 1ms)
Ping statistics for 10.10.99.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
04-20-2017 10:38 AM
04-20-2017 11:02 AM
kevwilso,
Windows direct connect - no comm server. Four ASA's tested are running versions previous to 9.5. Wireshark error for TCP window size full "Expert Info (Warning/Sequence): TCP window specified by the receiver is now completely full". Packet capture confirms ASA sends a TCP RST. Do you know of a workaround for this issue (other than ASA upgrade)? I assume equivalent is to do the 'file analysis' instead of using the system diag tool?
04-20-2017 12:34 PM
You may be able to adjust/increase your TCP Window Size using the below instructions:
https://www.experts-exchange.com/questions/28353794/How-TCP-IP-Sliding-Window-is-configured-on-Win7-hosts.html
Note when they mention HKLM in the article, they really mean "HKEY_LOCAL_MACHINE".
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide