FTP through VPN over ADSL / SDSL packet size issues

stuartchalmers
Level 1

I have a remote site connected to the Internet via ADSL (Cisco SOHO 97). The remote site connects to my SDSL line (Cisco SOHO 800 SDSL router) and initiates a VPN connection to my PIX 525 firewall.

Packets / data of any size can be FTP'd from the remote site to the main site's FTP server, but packets / data only up to 1378 bytes can be transferred via FTP to the remote site. FTP timeouts occur when the packets are over 1378 bytes.

ping -f -l 1378 XXX.XXX.XXX.XXX works, but a packet size of 1379 does not.

Have tried setting the fragment bit to off, copy or clear within the global router config and within the IPsec config. No result.

Does anyone have any ideas? Help!! Thank you.

1 Reply

Richard Burts
Hall of Fame

It sounds like the server is setting the Do Not Fragment bit in the FTP packets it sends to the remote office. This is a reasonable thing to do if you believe that Path MTU Discovery works. But in many environments it does not work, especially because many people set routers to deny ICMP, and the ICMP error messages are a critical part of Path MTU Discovery.

Part of your issue is the amount of extra header that is added to a packet by IPsec. That is why the length gets down to 1378. I faced this issue at a customer site where we were doing IPsec. We found that the command ip tcp adjust-mss 1378 configured on the remote routers was very effective in resolving our problem. I suggest that you try this on your routers.

HTH

Rick
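An added worked example, not part of this thread and not Cisco code: a small Python model of the failure mode the reply describes (DF set, tunnel MTU smaller than the segment, ICMP "fragmentation needed" filtered) next to the two ways out of it (ICMP allowed so PMTUD works, or the MSS clamped so segments never exceed the tunnel MTU). It also turns the ping probe from the question into a path MTU and an MSS. Assumptions, all labelled in the code: IPv4 and TCP headers of 20 bytes with no options, an 8-byte ICMP echo header, and Windows ping -l semantics (the -l value is ICMP data length, not total packet length). The header constants and the simulate_transfer helper are constructed for this illustration.

```python
# Added example (not from the thread): model of a PMTUD black hole and the MSS-clamp fix.
# Assumes IPv4 and TCP without options and an 8-byte ICMP echo header.
IP_HDR = 20
TCP_HDR = 20
ICMP_HDR = 8


def path_mtu_from_ping(largest_ok_payload: int) -> int:
    """Convert the largest `ping -f -l N` payload that got through into the path MTU.
    Windows `-l N` is the ICMP data length, so the packet on the wire is
    N + 8 (ICMP echo header) + 20 (IPv4 header)."""
    return largest_ok_payload + ICMP_HDR + IP_HDR


def mss_for_path(path_mtu: int) -> int:
    """Largest TCP payload that fits in one unfragmented packet on that path."""
    return path_mtu - IP_HDR - TCP_HDR


def _ip_fragments(packet: int, path_mtu: int) -> int:
    """Number of IPv4 fragments a router would make of `packet` bytes on a
    `path_mtu` link (fragment data is a multiple of 8 bytes, each with its own header)."""
    data = packet - IP_HDR
    per_fragment = (path_mtu - IP_HDR) // 8 * 8
    return -(-data // per_fragment)  # ceiling division


def simulate_transfer(file_size: int, sender_mss: int, path_mtu: int,
                      icmp_errors_pass: bool, df: bool = True) -> dict:
    """Push `file_size` bytes as TCP segments of at most `sender_mss` bytes across
    a path whose (tunnel) MTU is `path_mtu`.  Constructed model, not a packet trace.

    df               - the sender sets Don't Fragment (PMTUD enabled), as the reply suspects.
    icmp_errors_pass - whether ICMP 'fragmentation needed' from the router reaches the sender.
    """
    mss = sender_mss
    sent = segments = fragments = pmtud_events = 0
    while sent < file_size:
        payload = min(mss, file_size - sent)
        packet = payload + IP_HDR + TCP_HDR
        if packet > path_mtu:
            if not df:
                # DF clear: the router fragments and the data still arrives.
                fragments += _ip_fragments(packet, path_mtu)
            elif icmp_errors_pass:
                # PMTUD works: the ICMP error names the smaller MTU, the sender
                # shrinks its MSS and retransmits.
                mss = mss_for_path(path_mtu)
                pmtud_events += 1
                continue
            else:
                # DF set, packet oversize, ICMP error filtered: silent drop; the
                # sender keeps retransmitting the same size until FTP times out.
                return {"status": "black hole", "stalled_at": sent,
                        "segment_bytes": packet, "path_mtu": path_mtu}
        sent += payload
        segments += 1
    return {"status": "ok", "segments": segments, "fragments": fragments,
            "pmtud_events": pmtud_events, "final_mss": mss}


if __name__ == "__main__":
    mtu = path_mtu_from_ping(1378)           # probe value from the question
    print("path MTU from probe:", mtu, "-> MSS that fits:", mss_for_path(mtu))
    # Small transfer fits in one segment, so it works even with ICMP filtered.
    print("small file, ICMP filtered:", simulate_transfer(1000, 1460, mtu, False)["status"])
    # Large transfer with default MSS and ICMP filtered: the symptom in the thread.
    print("large file, ICMP filtered:", simulate_transfer(100_000, 1460, mtu, False)["status"])
    # Same transfer once ICMP errors reach the server: PMTUD recovers.
    print("large file, ICMP allowed:", simulate_transfer(100_000, 1460, mtu, True))
    # Same transfer with the MSS clamped at the router: no PMTUD needed.
    print("large file, MSS clamped:", simulate_transfer(100_000, mss_for_path(mtu), mtu, False))
```

The model is deliberately one-directional; it does not explain why the remote-to-main direction works in the question, since the thread gives no information about the DF setting on that side.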