Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
616
Views
0
Helpful
1
Replies

Connection to Mapped File Shared dropping on a Site-to-Site VPN

haidar_alm
Level 1
Level 1

‎11-28-2011 07:26 AM

Hello,

We've just deployed a site-to-site VPN using a 5505 ASA on the client's site and a checkpoint Nokia FW on our site. Everything seems to be fine except that the user's connections to their file shares seem to be intermittently dropping. One minute the connection to the shares is there, next thing it's lost.

There is no logic to it because no two users are experiencing issues at the same time, as a matter of fact even on the same PC where a user has access to 3 shares on 3 different servers, one could be showing as connected whereas the other two be dropping.

Any idea where I can look to trouble-shoot such an issue?

I noticed the following on the uplink interface to the outside router:

Interface Ethernet0/0 "", is up, line protocol is up

  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec   

     Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)

        Input flow control is unsupported, output flow control is unsupported

        Available but not configured via nameif

        MAC address 30e4.db30.15ed, MTU not set

        IP address unassigned

        15767971 packets input, 14500966317 bytes, 0 no buffer

        Received 7 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 pause input, 0 resume input

        0 L2 decode drops

        133183 switch ingress policy drops

        12874519 packets output, 3083603673 bytes, 0 underruns

        0 pause output, 0 resume output

        64568 output errors, 56659 collisions, 0 interface resets

        0 late collisions, 35746 deferred

        0 rate limit drops

        0 switch egress policy drops

        0 input reset drops, 0 output reset drops

As you can see the Duplex and Speed are set to auto, I've rectified this since then and I'm keeping a close eye on the output errors, and collisions. However, I'm afraid that this did not rectify the issue and the users are still experiencing intermittent connection dropping to their file shares over the VPN!

Labels:
0 Helpful
1 Reply 1

david.tran
Level 4
Level 4

‎11-28-2011 08:39 AM

This is what I would do: 

#1:  hard-code both the 5005 and the switchport to 100/full.  There is no reason to set it to auto/auto because these are 10/100 and not Gig port. 

#2:  on the Nokia "internal" interface, run the following tcpdump command "tcpdump -s 0 -w /var/tmp/cifs.cap -nnni eth-sxpx host client_pc_IP_address and host servers_IP_address"

Use wireshark to read the cifs.cap file if you're seeing a lot of transmissions or the MTU is ok. 

Report back what you've found.

0 Helpful
Customers Also Viewed These Support Documents