Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
857
Views
0
Helpful
2
Replies

Very slow SSH upload from client to our cloud through site-to-site VPN

dknox0001
Level 1
Level 1

‎05-25-2016 01:51 PM

I'm running a cloud-datacenter that currently consists of two ASA-5515's running ASA912-smp-k8.  I'm limited by the amount of information I can provide, so I won't be posting the running config.  Long story short, we have 2 clients running cisco equipment that are connected via a site-to-site vpn configuration to our active/passive 5515 cluster.  The clients can upload/download over FTP TCP21 w/o issue but when the client tries to upload over SFTP/SSH TCP22 the transfer rate is unbelievably slow but the download is normal (similar to trans speed with FTP traffic).

We conducted a test whereby the FTP server listens on port 22 temporarily and the client was able to upload to the FTP server without issue using the FTP protocol.

We have other, similar configurations running SFTP via a site-to-site VPN w/ Cisco appliances and we've had no issue.

I've been researching this issue for more than a week, trying different ciphers/kex algorithms on the SFTP server and we've tried different sftp software packages (freeftpd, cygwin, ubuntu, etc.) all with the same problem.

Given that we've tried different algorithms/ciphers, server software packages, and successfully uploaded files using FTP over port 22 - my only recourse is to blame the appliances and say that the appliance doesn't like the protocol in use.

Has anyone else encountered this issue?

I'll be updating the ASA software this evening to asa917-6-smp-k8.bin in hopes that this was a bug that has been found and fixed, but figured that while I was waiting to perform this update I could type this up.

Thanks for any help you can provide.

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Nicholas Travis
Level 1
Level 1

‎05-25-2016 05:21 PM

Can you provide what the actual upload and download speeds are your seeing?  Also to clarify your trying to SFTP to something behind the ASA not the ASA itself right?

0 Helpful

dknox0001
Level 1
Level 1
In response to Nicholas Travis

‎05-25-2016 05:24 PM

Sorry, yes using sftp protocol 300+KB/sec download, upload is about 3KB/sec.

Using FTP protocol 300+KB/sec up/down.

Yes, it's a SFTP server behind the ASA - not the ASA itself.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents