Problem with FTP file transfer over site-to-site VPN tunnel
We are using an ASA-5520 running 9.1(7) (very soon to be replaced by a Firepower), and we're having a problem with a vendor using an existing VPN tunnel to transfer files via FTP. The files in general are quite small, e.g. a few KB, and these transfer just fine. The files a couple hundred KB to MB fail on transfer, and the user gets an error similar to the following:
Error: Critical file transfer error after transferring 524,288 bytes in 1 second.
The receive file size is set to "0", and the owner of the server (based on the file size and logs) doesn't believe it's a server-related issue. There are various timeouts set on the firewall, but these are standard, and we're not having other file size problems.
Does anyone have an idea of what I might check out? Thank you.
Are you using active FTP or passive FTP? Just make sure that the data channel ports are allowed. If the file size after disconnect is zero, it seems that the data channel isn't established.
You can also run Wireshark on the server to confirm whether actual data transfer is happening or not. This helps to isolate data channel establishment.
Additionally, confirm whether fragmentation is taking place or not. Fragmentation usually causes slow copying. This can be confirmed using Wireshark by looking at the received segments and seeing if you are receiving fragments. In this case, you need to tweak MSS/MTU.
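As an added example (not part of the original reply), the fragmentation check suggested above can be run offline on a saved capture instead of reading it by eye. The script assumes a classic little-endian pcap of Ethernet frames (not pcapng); the sample packets and function names are constructed for illustration, and it goes slightly beyond the fragment check by also reporting the largest packet sent with DF set.

```python
import struct

def ipv4_frame(total_len, flags_frag, ident):
    """Constructed Ethernet + IPv4 frame; payload is zero padding (sample data)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, ethertype IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                     64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + b"\x00" * (total_len - 20)

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def scan_pcap(data):
    """Count IPv4 fragments and track the largest packet sent with DF set."""
    magic, linktype = struct.unpack_from("<I16xI", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian classic pcap of Ethernet frames")
    stats = {"packets": 0, "fragments": 0, "frag_ids": set(), "max_df_len": 0}
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, pos + 8)[0]
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 directly over Ethernet
        total_len, ident, ff = struct.unpack_from("!HHH", frame, 16)
        stats["packets"] += 1
        if ff & 0x2000 or ff & 0x1FFF:  # MF flag or non-zero offset: a fragment
            stats["fragments"] += 1
            stats["frag_ids"].add(ident)
        elif ff & 0x4000:  # DF set: cannot be fragmented in transit
            stats["max_df_len"] = max(stats["max_df_len"], total_len)
    return stats

# Constructed sample: two DF packets and one datagram split into two fragments.
SAMPLE = build_pcap([
    ipv4_frame(60, 0x4000, ident=1),
    ipv4_frame(1500, 0x4000, ident=2),
    ipv4_frame(1396, 0x2000, ident=3),  # first fragment, MF set
    ipv4_frame(144, 1376 // 8, ident=3),  # last fragment at byte offset 1376
])

if __name__ == "__main__":
    print(scan_pcap(SAMPLE))
```

A non-zero `fragments` count confirms fragmentation on the captured path, while a `max_df_len` close to the interface MTU shows full-size packets that cannot be fragmented once tunnel overhead is added.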
Mohammed, thanks for your reply. FTP is passive, and the smaller files transfer just fine. I should be able to get the vendor to run a Wireshark, but I'll re-run the packet-capture on the ASA and see if I can discover something there as well. This firewall is underpowered for our organization, and it's slated to be replaced in a month. When I do run a packet capture, CPU goes up to around 95+%, and users complain about Internet speed slowing down significantly.