[c-nsp] FTP Problem - Cisco ASA Box
Paul Stewart
pstewart at nexicomgroup.net
Thu Aug 31 08:36:25 EDT 2006
Thanks very much.. That would explain some throughput issues I'm seeing
currently as well...
Paul
-----Original Message-----
From: Pekka Savola [mailto:pekkas at netcore.fi]
Sent: Thursday, August 31, 2006 12:54 AM
To: Jason Lixfeld
Cc: Paul Stewart; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] FTP Problem - Cisco ASA Box
autolearn=ham version=3.1.4
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on
otso.netcore.fi
X-pstn-levels: (S:99.90000/99.90000 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1
X-pstn-addresses: from <pekkas at netcore.fi> [1917/75]
Return-Path: pekkas at netcore.fi
X-OriginalArrivalTime: 31 Aug 2006 04:56:19.0671 (UTC)
FILETIME=[CC633E70:01C6CCB9]
On Wed, 30 Aug 2006, Jason Lixfeld wrote:
> Looks like you modified your policy-maps from the defaults, so try
> adding an inspect ftp to your policy-map and see if that helps.
FWIW, Cisco IOS Firewall's FTP inspection breaks (throughput degraded to
a couple of dozen kilobytes per second) if you're using large TCP
receive buffers (e.g., Linux kernel >=2.6.17) so watch out if you're
using it. A case has been opened but I don't know its status.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the cisco-nsp
mailing list