I've seen this issue before with SSH timing out over a perfectly good
connection without packet loss.  The problem was with the MTU size being too
small and the packet was getting dropped.  
The packet was going through a VPN tunnel through the network to a VPN
concentrator.
Here's an example.  
The telnet packet was 1435 bytes in size including all the headers.
The router maximum MTU was 1456, for example.
So far so good... Looks like it should get through, correct ports are open
etc..
Now the VPN encryption adds an extra 25 bytes, for example (I don't have
exact numbers).
Now you have a packet that is Encapsulated with encryption for a total size
of 1460 bytes.
Oh and what also happens is the VPN will put a DO NOT Fragment flag on the
packet, because of the encryption.
What's going to happen once that packet hits the router with an MTU size of
1456?
It gets dropped because the packet is too large. What happens to the
telnet or SSH session is that it starts dropping packets and then times out. It
doesn't receive any ACKs from the other end and thinks it is timing out.

So A.  Is there VPN involved?  If so, could be MTU issue.
   B.  Check the MTU size.    Send some large sized pings over 1400 bytes in
size with the Do not Fragment Flag.  Find out if and where the MTU is set
too low.
   C.  Of course check for packet loss or extreme latency.


Welp hopefully this helps from my experiences with this type of issue.


Eddie
Corio Inc.
   



-----Original Message-----
From: KM Reynolds [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 17, 2002 8:33 AM
To: [EMAIL PROTECTED]
Subject: Telnet session traversing PIX are timingout [7:53490]


Hi,

I have telnet sessions that originate on the internal side of a PIX to a
server on the external side that are timing out (after 60 seconds). Is
there a command to increase the timeout period for telnet? If there is, what
is the max?

TIA
KR







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53501&t=53490
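
Step B of the reply above (large pings with the Do Not Fragment flag), as an added example that is not part of the original messages: a binary search for the largest packet that crosses the path unfragmented. It assumes Linux iputils `ping` and IPv4; the function names `probe` and `find_path_mtu` and the host name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses a path with DF set.
# Assumption: Linux iputils ping (-M do sets Don't Fragment, -s is ICMP payload size).

# An ICMP echo adds a 20-byte IPv4 header and an 8-byte ICMP header to the payload.
IP_ICMP_OVERHEAD=28

# probe HOST PAYLOAD: succeeds if one DF ping with that payload gets a reply.
# Kept separate so it can be replaced when a different ping implementation is in use.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]
# LOW and HIGH are total IP packet sizes in bytes. Prints the largest size that
# gets through. Returns 1 if even LOW fails, which points at packet loss or
# filtering rather than an MTU limit.
find_path_mtu() {
    host=$1
    low=${2:-576}
    high=${3:-1500}

    # Baseline: a small DF packet must pass before size is worth blaming.
    probe "$host" $((low - IP_ICMP_OVERHEAD)) || return 1

    # Invariant: a packet of size low passes; nothing above high is known to pass.
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if probe "$host" $((mid - IP_ICMP_OVERHEAD)); then
            low=$mid
        else
            high=$((mid - 1))
        fi
    done
    echo "$low"
}

# Usage (hypothetical host): find_path_mtu server.example.net
```

Run it once across the tunnel and once outside it; the difference between the two results is the overhead the VPN encapsulation adds.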