I ran into this recently with a client of mine. When uploading files (either via FTP or through a shared drive in terminal services) from the site any files larger than 200MB or so would hang in the middle of the upload as the TCP session timed out because the traffic was cut off. I started pulling apart the config on the 2911 edge router to determine what the issue was.
I trace the issue down to this particular policy which was created by CCP: sdmappfwp2p_CCP_LOW (When this policy was removed from the wan interface the issue vanished). The default config of this policy was as follows:
I first removed the highlighted drop command from the edonkey class and reapplied the inspection policy to the WAN port and the issue remained resolved!
While this fixed the issue and I was able to block eDonkey traffic with just a simple outgoing ACL to block tcp port 4662 I find it very strange that a eDonkey inspection policy would cause such problems for eDonkey traffic. I know for sure this is the only change made on the router and I'm just scratching my head at what I've found. Has anyone else run into anything like this? Is it a bug with NBAR? Mostly I'm just curious as the issue is already resolved.
Hi c.holloway, thank you VERY much for tracking this one down. I had same issue when copying over site-to-site VPN link. Was pulling my hair out tinkering around with MTU, mss, TCP window sizes, etc across the board/devices/hosts.
Sure enough, examing the stats for the policy showed the matches as the transfer(s) progressed. Removing the edonkey statement cleared it up pronto....
Odd that this is triggered on standard SMB type traffic. Using a 2901 here with Version 15.1(4)M4
I know this topic is dated/old, but wanted to give you props for this one.
I'm glad I could help you out Phil. If you don't mind, please rate the post when you have a moment since you found it helpful