Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1273
Views
0
Helpful
1
Replies

dropping packets on large FTP transfer

ddacus
Level 1
Level 1

‎05-24-2011 11:35 AM - edited ‎03-11-2019 01:37 PM

I am attempting to FTP to a remote site through a IPSEC tunnel.

When I am transfering large files the ASA5540 is showing syslog errors stating "connection timeout".  What I think is happening is after about 1 hour the firewall is closing the connection control port for the FTP session and neither end is notified so eventually the transfer is stopped.

What do I need to modify in the FW to accommodate these larger files?

Thank you

Attached are the syslogs.

1 person had this problem
Labels:
86804-Syslog.txt.zip
0 Helpful
1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

‎05-24-2011 04:37 PM

Hi,

You can use DCD for the control channel of FTP.

Check on this:

access-list dcd permit tcp host eq 21

class-map dcd

   match access-list dcd

Policy-map global_policy

  class dcd

   set connection timeout dcd

That will send a proove to the client and the server to check if the connection is still up, or if it is down, if the both reply, the connection will be up, otherwise, it will be dropped.

Cheers

Mike

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card