SYN timeout connecting to a server through the VPN

eringuet
Level 1

Hello,

I have a very odd problem. When connected to the VPN, I can connect to all my servers without problem on any services. On a single server, when I try to connect to Windows shares, it doesn't work. My event log shows nothing on the client or on the server but I get this from the ASA:

10-20-2008 20:54:45 Local4.Info 192.168.1.1 %ASA-6-302014: Teardown TCP connection 288013 for outside:192.168.2.1/1566 to inside:192.168.1.9/445 duration 0:00:30 bytes 0 SYN Timeout (user)

At home I'm on 192.168.50.xx, the LAN at work is 192.168.1.xx and the VPN range is 192.168.2.xx.

Any ideas?

ER

6 Replies

ajagadee
Cisco Employee

Hello ER,

From the problem description, it looks like a routing issue, because you are not seeing the 3-way TCP handshake.

What is the default gateway on the server with IP address 192.168.1.9? Is the default gateway pointing to the ASA or a different device? If the default gateway is pointing to a different device, does this server know that it needs to route the packets destined to 192.168.2.x back to the ASA?

Regards,

Arul

** Please rate all helpful posts **

Hi Arul,

This server is configured the same way the rest are. I can connect to the webserver or remote desktop to it. It is only happening with SMB.

That's weird... Can it be an MTU issue?

ER

Hello ER,

Thanks for the confirmation. If everything is configured correctly and the issue is only across the VPN Tunnel, your symptoms closely match Bug ID CSCsf23145.

Please refer to the release notes for details:

http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn722.html

CSCsf23145

Unable to complete large uploads through VPN if packet loss occurs

Please use the below URL to look up the bug id and the version that has the fix.

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

Let me know if it helps.

Regards,

Arul

** Please rate all helpful posts **

Hello,

I'm running the 7.2(4) software.

I can connect to the server using remote desktop but if I do \\192.168.1.9 it says: "No provider has accepted the given network path".

I looked at the MTU locally using ping 192.168.1.9 -f -l and only 1272 will work. That means my network is using an MTU of 1300?

Is it set on the switches? They're Cisco 2960.

Also, on my ASA the MTU is set to 1500 for all interfaces, could that cause problems?

I'm puzzled because I can connect to the rest of the servers...

ER

Bump.

I am still trying to find the source of the problem. Any advice on how to investigate?

ER

OK, I found what the problem was. The firewall was set for the local subnet only. My old VPN was giving IPs from the same range...

Sometimes you look too far!

Thanks for your help.
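
The comparison that resolved this thread (RDP to 192.168.1.9 carries data while SMB ends in a zero-byte SYN Timeout, so the path is fine and something is filtering one port for the VPN range) can be run mechanically over ASA teardown logs. The following is an added example, not part of any post in the thread; the regex is derived from the single 302014 line quoted in the question, the verdict labels are hypothetical names, and every sample line except the quoted one is constructed.

```python
import re
from collections import defaultdict

# Format taken from the %ASA-6-302014 line quoted in the original post.
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection \d+ for "
    r"\S+?:(?P<src>[\d.]+)/\d+ to \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration \S+ bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)

def parse_teardowns(lines):
    """Yield (dst, dport, bytes, reason) for each 302014 line; skip the rest."""
    for line in lines:
        m = TEARDOWN.search(line.strip())
        if m:
            # Drop the trailing "(user)" tag so the reason compares cleanly.
            reason = re.sub(r"\s*\([^)]*\)$", "", m["reason"]).strip()
            yield m["dst"], int(m["dport"]), int(m["bytes"]), reason

def classify(lines):
    """Map each host with zero-byte SYN timeouts to (verdict, timed-out ports)."""
    answered, dead = defaultdict(set), defaultdict(set)
    for dst, dport, nbytes, reason in parse_teardowns(lines):
        if reason == "SYN Timeout" and nbytes == 0:
            dead[dst].add(dport)
        elif nbytes > 0:
            answered[dst].add(dport)
    result = {}
    for host, ports in dead.items():
        never = ports - answered[host]      # ports that never carried data
        if not never:
            verdict = "intermittent"        # same port also worked at times
        elif answered[host]:
            verdict = "port-filtered"       # other services reply: not routing
        else:
            verdict = "unreachable"         # nothing replies: check gateway/routes
        result[host] = (verdict, sorted(ports))
    return result

SAMPLE = [
    # Quoted in the thread:
    "10-20-2008 20:54:45 Local4.Info 192.168.1.1 %ASA-6-302014: Teardown TCP connection 288013 for outside:192.168.2.1/1566 to inside:192.168.1.9/445 duration 0:00:30 bytes 0 SYN Timeout (user)",
    # Constructed for illustration (not from the thread):
    "%ASA-6-302014: Teardown TCP connection 288020 for outside:192.168.2.1/1570 to inside:192.168.1.9/3389 duration 0:02:11 bytes 48211 TCP FINs (user)",
    "%ASA-6-302014: Teardown TCP connection 288031 for outside:192.168.2.1/1574 to inside:192.168.1.20/445 duration 0:00:30 bytes 0 SYN Timeout (user)",
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A "port-filtered" verdict points at a host firewall or ACL scoped to exclude the VPN pool, which is what the poster found; "unreachable" points back at the default-gateway question raised in the first reply.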