cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1086
Views
0
Helpful
4
Replies

Problems uploading documents over SSL VPN

noepkes51
Level 1
Level 1

Hello,

We have clients uploading documents (usually PDFs under 3MB in size) up to a web interface (using http only) on an internal web server.  They clients are using the latest version of AnyConnect for windows and connecting to an ASA5510 running the latest 8.3 firmware.  They are connecting from their home network over a cable or DSL connection.

I disabled Threat detection and can't see anything being blocked by the firewall.  Everything else that our user are doing seems to be working flawlessly.

I ran a packet capture with wireshark and noticed a lot of packet loss. I have attached a screen shot.

Any advice would be greatly appreciated.

2 Accepted Solutions

Accepted Solutions

tprendergast
Level 3
Level 3

Is it possible that there is another network issue causing this?


Check the duplex/speed settings from edge to webserver, check for interface errors on ports, etc. Duplicate ACKs are caused by lost packets, out-of-order packets, etc.

View solution in original post

I would suggest that you reduce the MSS size configured on the ASA to 1300 as follows:

sysopt connection tcpmss 1300

Reconnect uploading the documents via SSL VPN after the changes above.

Hope that helps.

View solution in original post

4 Replies 4

tprendergast
Level 3
Level 3

Is it possible that there is another network issue causing this?


Check the duplex/speed settings from edge to webserver, check for interface errors on ports, etc. Duplicate ACKs are caused by lost packets, out-of-order packets, etc.

I would suggest that you reduce the MSS size configured on the ASA to 1300 as follows:

sysopt connection tcpmss 1300

Reconnect uploading the documents via SSL VPN after the changes above.

Hope that helps.

I fixed the speed/duplex and it seemed to make a huge difference.  I should have known better, seems like a rookie mistake. 

I also changed the MSS size just to be safe.  Thanks a lot for the help!

Glad we could help. Please mark your question as answered, and rate the posts that you found helpful in finding your solution.

Obscure things happen to the best of us, even if it is just duplex/speed settings somewhere in the path. That's what support forums like this are for -- bounce questions off other professionals and get peer help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: