07-09-2010 12:14 PM - edited 03-11-2019 11:09 AM
I've run into a weird problem. I have an ASA5505 with a very slow Internet connection that acts as an EasyVPN client. I want to upgrade the software image on it but given the speed of the Internet connection, it's going to take about 2 hours. Every time I try to upload the new image to flash, it stops after 1 hour. I guess it's because of the SSH session idle timeout value which is set to 60 minutes (max). Is there any way I can fix this problem? Thanks.
07-09-2010 12:59 PM
Hello,
If the firewall is local to you, I would suggest you downloading the file to a local computer (may be download it outside of your network) and then uploading it to the firewall from the local PC. That is much better compared to trying to load it via internet.
As far as slow connection is concerned, is it due to your ISP or do you think it is due to the firewall itself? If you think it is due to the firewall itself, you might want to check the output of "show asp drop" to see if there are any drops due to MSS exceed or Out-of-order packets. If yes, please try the following:
tcp-map tmap
exceed-mss allow
queue-limit 250
exit
access-list internet permit tcp any any
class-map internet
match access-list internet
exit
policy-map global_policy
class internet
set connection advanced-options tmap
exit
service-policy global_policy global
Hope this helps.
Regards,
NT
07-09-2010 01:50 PM
Hi, Nagaraja.
Thanks for the reply. After a few unsuccessful attempts to upload the new image, I decided to switch to some other SSH client since I noticed the uploading stopped when Putty tried to renegotiate the current SSH session. So after switching to SecureCRT, everything went without a hitch.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide