09-07-2010 09:01 PM - edited 03-11-2019 11:36 AM
I have an ASA 5510 running 8.2(2) with an outside, inside and dmz port. Have a server in the dmz running an uploading application. I have no problem uploading files from outside the network to the dmz server, but when uploading from the inside is when I have issues. I am able to upload a 250MB PSD file but the application fails when trying to upload a 100MB FLV file. Again, both these files will upload just fine from an outside connection and when sending from within the DMZ. We have tried other types of files and a smaller FLV with some success, but it seems that when I try to upload a compressed video file that is over say 30MB, the upload fails...again from the outside it works just fine with any file that I throw at it.
I have tried natting the traffic from inside to dmz and tried without nat. I have been on the phone with Cisco TAC and they have gone over my config and tell me that this should work. There are no errors on the ASA. We have looked at the application and there are no errors either. This seems like the TCP connection gets interrupted.
Has anyone had any issues uploading files to a server in their DMZ from the Inside interface, but from any other connection it works fine? I know this is probably something simple and I am just overanalyzing it, so any help will be greatly appreciated.
Thanks in advance.
09-08-2010 02:05 PM
This is the second file...too large for one post.
09-08-2010 02:10 PM
And this is a failed 96MB FLV file. The captures are a lot smaller and I don't see the drops like before.
09-09-2010 01:35 PM
Hey Mike,
I have tried all the solutions that were suggested and what I could find on the Internet. I have added a second NIC to the server and gave it an internal address and the uploads work like they are supposed to. I really don't know what else to try.
Joe
09-09-2010 01:41 PM
Hi Joe,
Were you able to set up the ASP drop captures that Sachin suggested? If so, did you see any packets from the transfer being dropped?
If not, try to set up this capture:
capture drop type asp-drop all
Then, do 'clear asp drop' to clear the drop counters, start the transfer, and then do 'show asp drop' and 'show cap drop' to see if any of the packets from the upload are being dropped by the ASA.
-Mike
09-09-2010 01:45 PM
Also, it's odd that only FLV files are failing. Do you have any IDS/IPS devices in the network that would be inspecting these packets? Any HTTP proxies that would be inline with these transfers?
-Mike
09-09-2010 01:48 PM
Yes, I do have an IPS on this ASA.
No HTTP proxies.
09-09-2010 01:51 PM
Hi Joe,
Have you tried disabling the IPS temporarily to see if the issue continues? If it's an AIP module, you can use the 'no ips inline' or 'no ips promiscuous' command inside the active policy-map. Try that and let us know if the issue remains without the IPS being active.
-Mike
09-09-2010 02:11 PM
I've taken the IPS out of the mix and still have the same result.