Cisco Firewall :: Network Is Super Slow After Deny Tcp Log In ASA 5510
Jun 28, 2011
I use the ASA 5510 and these days I am facing a problem: the internet is very slow. When I check the real-time log viewer in debugging, I find the following logs:
6|Jun 29 2011|15:47:53|106015|123.123.123.123|416|111.222.111.222|80|Deny TCP (no connection) from 123.123.123.123/416 to 111.222.111.222/80 flags ACK on interface Inside
4|Jun 29 2011|15:47:53|106023|123.123.123.123|852|111.222.111.222|80|Deny tcp src Inside:123.123.123.123/852 dst Outside: 111.222.111.222/80 by access-group "Internal_access_in" [0x0, 0x0]
A lot of log messages come out and I notice that the IP 111.222.111.222 is trying to attack my network. At that moment my network is very slow and nearly down. When I block that IP with an access list, the network is up again. But after a few moments there is an attack from another IP; it's so terrible and so tiring to block a lot of IPs by ACL.
Aug 21, 2012
Internet VERY choppy on one computer; it has happened on more than one network, both wireless and wired. I've even reinstalled Windows 7 on the machine from scratch and the problem is still there. The internet goes VERY slow, like 10 minutes a page sort of slow. Almost feels like it's being choked, but from what I can see there's no program taking bandwidth etc. I've searched all over the net and can't find anything. I can give any information needed. The machine is currently on wireless, but the wireless signal is great as I use other devices on it in the same area and they're perfect.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Maru-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
[code]....
Aug 15, 2012
I normally use Internet Explorer 9, but I've tried Firefox and Chrome also. For some weird reason the Wi-Fi on my computer is super slow. My roommate has no problems at all. Same issue when only one of us is connected. What's really weird is that it's only on my home network that the speed is a problem. At school and at other family members' houses everything is working perfectly. I now use a wired internet connection, and when I take a speed test it is around 13MB, so the speed is pretty good.
I can mention that sometimes if my computer has been closed and the cable is taken out, when I turn the computer back on the Wi-Fi is suddenly working perfectly. Only for a while though, and then it's not working anymore. This has happened more rarely recently. I've been having this problem for around 7 weeks now. When I first discovered the problem I tried to uninstall the latest updates (among Windows updates), and it actually worked. But I want my computer to be up to date, so it's not a go to use those settings.
I have tried to reset the router to factory settings, but that did not work. We share internet with our landlord, so to privatize what we do, it's set up like this:
Landlord's modem -> switch in our apartment -> wireless router
But that should not be a problem. It's working on everyone else's computers. My mobile phone has no issues either. I've tried to update the driver on the wireless card, but it's up to date.
May 17, 2012
My firewalls are running in multiple context mode. According to my troubleshooting, the problem happens because of the following things:
1- The host 10.15.5.100 does a telnet to 10.0.6.100 using the default gateway, which is the context firewall C2;
2- The packet goes to C2 and is forwarded through the interface e0/0 (directly connected);
3- The packet is delivered directly to the host, without passing through the context firewall C1;
4- The host receives the packet and returns the answer to the source host 10.15.5.10 using the default gateway 10.0.1.10;
5- The packet is received by the context firewall C1 and is dropped with the reason Deny TCP (no connection) syn ack;
I think the problem is on step 4: the context C1 receives a packet that didn't pass through it before. Am I right?
Mar 27, 2011
We are continuously getting logs created as below in ASA 5510. I suspect something is going wrong (like the system is getting compromised?).
Note: I have changed the actual public IP to 1.1.1.1 for security reasons.
Log:
Mar 18 21:46:19 124.153.100.44 Mar 18 2011 21:46:22: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
Mar 18 21:46:19 124.153.100.44 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
Mar 18 21:46:20 124.153.100.44 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
Mar 18 21:46:21 124.153.100.44 Mar 18 2011 21:46:24: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
(code)
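The first post and the land-attack post above both paste raw ASA deny messages (106015, 106023, 106017) and ask what the flood means. The following is an added example, not code from the forum posts or from Cisco: it parses those three message formats from syslog text, counts denies per message ID and source/destination pair, and lists the pairs that reach a threshold, so that a burst from one peer stands out before any ACL is touched. The sample log is constructed from the message texts quoted in the posts; `noisy_pairs` and the threshold value are the example's own choices.

```python
"""Parse Cisco ASA deny messages (106015, 106017, 106023) and count them per peer.

Added example for illustration; not from the posts above or from Cisco.
Message texts follow the formats quoted in the posts; everything else is constructed.
"""
import re
from collections import Counter

# Constructed sample syslog lines shaped like the messages quoted in the posts.
SAMPLE_LOG = """\
Jun 29 2011 15:47:53: %ASA-6-106015: Deny TCP (no connection) from 123.123.123.123/416 to 111.222.111.222/80 flags ACK on interface Inside
Jun 29 2011 15:47:53: %ASA-4-106023: Deny tcp src Inside:123.123.123.123/852 dst Outside: 111.222.111.222/80 by access-group "Internal_access_in" [0x0, 0x0]
Jun 29 2011 15:47:54: %ASA-6-106015: Deny TCP (no connection) from 123.123.123.123/417 to 111.222.111.222/80 flags ACK on interface Inside
Jun 29 2011 15:47:54: %ASA-6-106015: Deny TCP (no connection) from 123.123.123.123/418 to 111.222.111.222/80 flags ACK on interface Inside
Jun 29 2011 15:47:55: %ASA-6-302013: Built outbound TCP connection 12345 for Outside:198.51.100.7/443 (198.51.100.7/443) to Inside:10.0.0.5/51000 (203.0.113.2/51000)
Mar 18 2011 21:46:22: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
"""

# Common envelope: severity digit and six-digit message ID, then the message text.
ENVELOPE = re.compile(r"%ASA-(?P<sev>\d)-(?P<msg_id>\d{6}): (?P<text>.*)$")

# One pattern per tracked message ID, matching the texts quoted in the posts.
PATTERNS = {
    "106015": re.compile(
        r"Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+) "
        r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>.+?) on interface (?P<iface>\S+)"
    ),
    "106017": re.compile(r"Deny IP due to Land Attack from (?P<src>[\d.]+) to (?P<dst>[\d.]+)"),
    "106023": re.compile(
        r"Deny (?P<proto>\w+) src (?P<iface>[^:]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
        r'dst (?P<diface>[^:]+):\s*(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"'
    ),
}


def parse_line(line):
    """Return a dict for a recognised deny message, or None for anything else."""
    env = ENVELOPE.search(line)
    if not env:
        return None
    pattern = PATTERNS.get(env.group("msg_id"))
    if pattern is None:
        return None  # a build/teardown or other message we do not track
    body = pattern.search(env.group("text"))
    if body is None:
        return None  # known ID but unexpected text; skip rather than guess
    event = {"msg_id": env.group("msg_id"), "severity": int(env.group("sev"))}
    event.update(body.groupdict())
    event["land"] = event["src"] == event["dst"]  # same address both ways, as in 106017
    return event


def summarize(log_text):
    """Count deny events per (message ID, source, destination) triple."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            counts[(ev["msg_id"], ev["src"], ev["dst"])] += 1
    return counts


def noisy_pairs(counts, threshold):
    """Return the triples whose deny count reaches the threshold, busiest first."""
    hits = [(key, n) for key, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda kv: -kv[1])


if __name__ == "__main__":
    for (msg_id, src, dst), n in noisy_pairs(summarize(SAMPLE_LOG), 2):
        print(f"{msg_id} {src} -> {dst}: {n} denies")
```

Feeding a real syslog export instead of `SAMPLE_LOG` gives a per-peer ranking; a 106015 burst with only ACK flags from an inside host is worth correlating with connection teardowns before treating the outside peer as the source.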
Dec 14, 2011
I have had my DIR-655 router for over a year & this is a first. My firmware is 1.21 & I only use my router for gaming when I'm not on my PC for home use. I have only one PC in the house that is not shared; I have also not downloaded any virus or malware. So the past month I decided to buy a wired ethernet cord to connect to my gaming systems rather than using the wireless option to get an extra bit of speed. That has been working fine up till yesterday when all of a sudden my download speeds dropped from around 20Mb down to barely 1Mb down (I can't even get the speed test site to fully load anymore). The upload & ping remain unchanged though. Only my download speed is being affected. This is both when I'm on the PC & when I'm online gaming.
I unplugged my D-Link router & plugged my modem directly into my PC & I got back the 20+Mb speed, so the modem or cable company are not at fault (I even called them to see if there were any problems on their end).
-I tried turning off my Firewall on my PC.
-Resetting & rebooting both my modem/router/PC.
-using different DNS numbers.
-using /flushdns.
-using /Iprenew.
-Messing around with my router configurations such as:
turning off QoS Engine.
turning off wireless.
turned off MAC filtering.
unchecked "Add DHCP Reservation".
unchecked SIP.
None of it worked. I'm still browsing at around 56k dial-up speed for the past day+! I read up on the internet for similar problems, but the only solution I saw was turning off the firewall on the PC, and that hasn't worked at all.
Oct 26, 2011
My E1500 worked perfectly before. Today Cisco Connect notified me to upgrade my router. After I did that, the Wi-Fi connection speed is super slow. But when I use a hardwired connection, the speed is as fast as before.
Oct 22, 2011
Just upgraded my E4200 to firmware 1.0.03 (from 1.0.01). I have some new issues, questions, and some outstanding issues.
1) Web interface over https is now painfully slow.
2) Does DDNS work in bridge mode? DynDNS allows the sending of an update without an IP address, so it should be able to work.
3) Does accessing the management interface in bridge mode count as local or remote?
4) I'd really like to be able to get WOL working through the router. I managed to create a static DHCP reservation for 192.168.1.254 to ff:ff:ff:ff:ff:ff, but I don't think the router added that entry to the ARP table. Is there any way to do this? (I think I have WOL forwarded to 192.168.1.254.)
5) Should the router be providing some local DNS hostnames? For example I have the device name set up in the local network setup, but it won't resolve. Similar for connected devices, especially those with a DHCP reservation.
6) In bridge mode, does it matter which port is used to connect to the other network device? Does it have to be the WAN port?
Jun 19, 2011
For the past year my wireless has been working great and I have been playing games/doing homework with no hassle. Yesterday my internet connection became very slow. After countless restarts and router/modem resets nothing has changed and I only get like 5kb of download speed. Since my internet connection was lost, naturally I unplugged the wireless card and re-plugged it; it didn't change anything. After that I restarted my computer, but nothing changed. AFTER THAT I unplugged my router, then reset my router to factory settings, which did not change anything. Since everything was backed up I thought I would reinstall Windows 7 to nuke any hidden problems. After 2 reinstalls of Windows 7, nothing has changed. Next I had Comcast reset my connection with them, which did not work. Though it did work with my brother's desktop. After some more time just fiddling around my connection went back to lightning speeds. No.....4 hours later my connection went dead. At all times my computer will see my network but it either will not connect to it or it is really really slow now.
Computer info: Apple Airport Extreme router; Hawking HWUN3 Wireless USB; ASUS P6T Motherboard
Apr 16, 2012
Two computers (XP and Win7) are connected on the office LAN, Cisco 2960, not the same switches, but all in the same rack and linked together, same IP subnet. I tried to copy some 26G files from one to another using Windows shared folders, and it showed it needed 23 hours to finish the copying. It's not the first time; actually we always experienced very slow speed when copying files on Windows shared folders. Did not see any particular message on the switch. Ports are all full/100M.
May 17, 2012
I have got the below log on the ACS 5.2 when one VPN client user connects to the ASA 5510:
Description
Selected Shell Profile is DenyAccess
Resolution Steps
Check whether the Device Administration Authorization Policy rules are correct
Mar 21, 2011
I have one customer who is complaining about slow FTP sessions, and timeouts. Depending on the file size, it gets to about 98% down and hangs. The ASA has a CSC SSM-10 on it, and even bypassing FTP through it, the problem occurs. It is running 822-17-k8 OS. Turning the SSM off does not make any difference.
Nov 27, 2012
I am managing a firewall remotely from within my LAN itself. I started a continuous ping to the firewall IP and the response is less than 1 ms.
While applying some access control lists to the firewall via PuTTY... suddenly the latency goes high and it is hitting xxxx ms. And also the ACLs are getting pasted on the screen word by word. Sometimes I used to get some RTO for the firewall IP address in the ping response.
Firewall version:
Cisco ASA 5510
Version: 7.2
Having more than 600 ACLs.
Jan 28, 2012
We have installed an ASA 5510 with 3 interfaces: dmz (web server 172.20.0.59; application server 172.20.0.58; mail server 172.20.0.157), inside (LAN) and outside (connected to a router for the internet connection). The problem is that the internet connection is slow in the inside (LAN). Our DNS is in the outside with IP address x.x.x.60 (the DNS has translated addresses to inside and dmz 172.20.0.60). The router connected to our IPS has x.x.x.33 (our default gateway for internet). There is a simple switch between the firewall and the router. The inside interface of the ASA is connected to a Cisco Catalyst 6509 (the gigabit interface of the 6509 is configured to auto speed and duplex). The ASA has a base license. Here is the configuration of the ASA and the output of the commands show interfaces (inside, outside), show asp drop, show perform.
firewall# show run
ASA Version 8.2(1)
!
hostname firewall
domain-name xxx.xx
enable password dgft12ghkHKM123Z encrypted
passwd dgft12ghkHKM123Z encrypted
names
[code]...
Jul 4, 2012
We are using an ASA 5510 with an internet link of 40 MB. We are facing an issue of slow download speed. We have done all the basic troubleshooting like: fixed full duplex on interfaces, checked CRC errors on interfaces.
We are using around 40 L2L VPN tunnels on the same ASA.
Jul 21, 2011
In the restructuring of my company network we installed two ASA 5510s in failover for the management of the internal network and DMZ. We configured the ASAs in routed mode, created the subinterfaces for the server, client and DMZ subnets and connected the firewall to the network. Everything works very well except the inter-VLAN routing. If I try to send or receive a file with any protocol (FTP, HTTP, SMB) or if I try to connect with RDP or VNC to a host in a different VLAN, the connection goes very, very slow. In particular an FTP connection between two hosts goes at 15kb/s. I checked all cables and ports for errors on duplex or speed, and all the uplinks are 1Gb and the single client connections 100Mb. I know that the main purpose of the ASA is not doing routing stuff but this behavior is very strange.
Jan 16, 2012
We have an ASA 5510 and are experiencing unbelievably slow speeds. I noticed a problem last Thursday with users complaining of slow speeds and realized our interface had a ton of errors and was running at half duplex. I contacted the ISP (we are connected to their 3750) and they swore up and down they were set to full. So they had me switch to full and the interface shut down. I asked them to switch to auto and the interface came back up and we went to full, and of course the errors and collisions stopped. However the errors and packet drops have not stopped. The ISP sent out a technician and they determined it wasn't a problem on their end by plugging in a laptop and testing the speed; that worked fine. Eventually I plugged in a SonicWall and bypassed the ASA completely and that worked fine. We plugged the ASA back in and we went back to dropping packets. I put an old config on the ASA and oddly enough it seemed to have fixed the problem, but we were still dropping packets. So I put the most recent config back on and that worked fine up until today. We're back in the same boat we were in last week. So my first question is: when I do a show int and see packets dropped, is that normal because of ACLs etc., or would that be shown in another place? Here's the output of show int and show asp drop:
HQ-ASA# show asp drop
Frame drop:
  Flow is denied by configured rule (acl-drop)                 3366
  NAT-T keepalive message (natt-keepalive)                      423
  First TCP packet not SYN (tcp-not-syn)                        406
  TCP failed 3 way handshake (tcp-3whs-failed)                  135
  TCP RST/FIN out of order (tcp-rstfin-ooo)                     462
  TCP SYNACK on established conn (tcp-synack-ooo)                46
  TCP packet SEQ past window (tcp-seq-past-win)                  50
  TCP invalid ACK (tcp-invalid-ack)                               9
  TCP Out-of-Order packet buffer full (tcp-buffer-full)          29
  TCP Out-of-Order packet buffer timeout (tcp-buffer-
[code]....
I have not made any configuration changes to the ASA in a couple of months. The interface counters were cleared about 45 minutes ago, if that's how quickly the errors/packet drops are adding up.
Feb 15, 2012
I have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no different.
Apr 22, 2012
I've setup a site to site vpn on an ASA 5510 using ASDM (as I have many times before) and the tunnel appears to be up but I am not able to pass traffic. When I run the packet tracer from my inside network to the remote destination network, it shows that it is blocked by the implicit deny ip any any rule on my inside incoming access list.
May 13, 2013
My syslog is full of %ASA-4-106023: Deny tcp src outside:---- by access-group "inbound-acl" messages. I did not configure an explicit deny for the access list to log these denies. How can I disable logging of denied connections?
Aug 23, 2011
I have found this in documentation (the same statement for version 8.3 and 8.4):
" Access Control Implicit Deny #All access lists (except Extended access lists) have an implicit deny statement at the end, so unless you explicitly permit traffic to pass, it will be denied. For example, if you want to allow all users to access a network through the ASA except for one or more particular addresses, then you need to deny those particular addresses and then permit all others. "
Does it mean that now all ACLs should have a manually created deny ip any any rule at the end? I have migrated one ASA to version 8.3 (no host connected and I can't test it) but after migration I don't see this rule at the end of all ACLs. Does it mean that all traffic will go through ACLs on all interfaces? I didn't find any information about this change in documents describing new software features [URL]
Jun 2, 2013
I'm receiving an error when trying to access a web server behind the ASA, from one subinterface to another subinterface, via the public IP. I'm getting the following:
Global Static NAT Deny IP spoof from (61.X.X.X) to 201.X.X.X on interface Outside
Traffic dies at the firewall, stating that the traffic is spoofed from the global address (61.) to the static (201.) address. Both are bound to the outside interface. When I create a static NAT on the firewall there is no problem; however when I'm PATing against the firewall to the public IP I get the denies.
Jun 17, 2012
I'm trying to attach tacacs server (ACS Version 5.2) in server group on ASA 5520 (Version 8.4). When I test connection in ASDM (Version 6.4) between ASA and ACS it fails. The log message on ASA is:
%ASA-2-106016: Deny IP spoof from (10.8.27.126) to 10.8.48.10 on interface inside.
Packet-tracer from ASA is:
InternetASA# packet-tracer input inside tcp 10.8.27.126 4444 10.8.48.10 49
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list
[code]....
What access-list or implicit rule may be the reason for denying these packets?
Sep 20, 2012
So I was doing some testing with my BB Playbook where I wanted to see what outside connections it tried to make during startup and whatnot. I have a PIX 506E running 6.3(5). I created a simple 'deny ip any any' access list on the inside interface so that the Playbook doesn't actually make any connections, but I set up a 'capture' on the inside interface accepting 'ip any any' to see what kind of traffic I could see heading outbound from the Playbook. Well, it started off showing attempts to query DNS (and failed, naturally), but then after a couple of minutes, it tried to connect to a couple of IPs over port 443 and actually got a response!!! For the life of me, I can't figure out how this can happen. NO traffic should be allowed outbound due to my explicit 'deny' rule, but for some reason some traffic on port 443 made it past the firewall and got a response back. There are no other rules in the access list except the 'deny' rule. My PIX configuration is quite simple and I cannot see anything that would allow the Playbook traffic to circumvent the access list.
I've come to think that either RIM has found a way around Cisco access-lists, or there is a bug in the PIX OS. I know it's an old appliance/OS, but still. I wouldn't think it could be THAT easy to bypass the firewall.
Jul 26, 2011
I have three EIGRP-configured routers A, B, C in a single broadcast LAN. I want to deny router A EIGRP peering with router B, but need to retain A peering with C. On router A, will "no neighbor <B router lan ip>" under router eigrp work? Or how can I deny it using the multicast IP address 224.0.0.10 with an access list, and in which direction do I need to apply it?
Jun 29, 2011
I would like to know if there exists some configuration on a WLC 4402 that denies network access to smartphones but not to netbooks and laptops.
Oct 5, 2011
My network topology consists of 3 directly connected routers where the central router contains sensitive data and I need to block traffic from ENTERING the LAN adjoining that router. My issue is creating an access list to DENY traffic from entering the network connected to Fa0/1 but ALLOW traffic to exit from that network. I am using one class C network which is subnetted 7 times to provide me with the required LANs.
Oct 16, 2012
I have a PIX 515E V7.0.4 and I'm having trouble with HTTP access between the inside interface and a DMZ zone I have. I have a web server set up in the DMZ with a web interface to upload/download files. I can connect to this interface from a workstation in the inside network, but when I try to download a file it is incredibly slow. If I upload a file there are no speed issues. If I connect using an HTTPS connection then both uploads and downloads are at speeds I would expect.
I have disabled http inspect but this didn't improve the speed connection.
Other http communications from inside to outside do not have any speed issues in either direction.
Aug 13, 2012
Got an ASA5505 connected to another endpoint running IPsec and being NAT'd at each end to a 10.0.0.0/24 network. I can pass other types of traffic through the ASA 5505 but not RTP traffic. The moment it is NAT'd and hits the firewall rules it gets denied by the default deny at the bottom of the list.
Currently the rules are as follows
Incoming External
allow ip any any
allow tcp any any
allow udp any any
default deny
[code].....
It won't allow us to set up a VoIP call; however when the same call manager sets up a VoIP call NOT using this IPsec tunnel it works just fine.
Apr 4, 2012
I am using a Cisco ASA 5510 firewall in my network. The IOS is Software Version 8.0(5)24. The flash is 512 MB and DRAM 1GB on the ASA. I want to upgrade the IOS on my firewall and use the latest one.
Also, what are the IOS details for the upgrade? The firewall is serving both VPN and FW rules.
Apr 30, 2013
BTW, the ASA is running version 7.0(8) and I'm doing this through the command line. I've got a group of workers coming in a couple times per week that need wireless access to 1 printer on our network and internet access; I'll deny them access to the rest of our LAN. I've already configured an AP with WPA2 on a separate subnet and put a router between it and our network. I've set up the router to apply an ACL to allow access to the printer's IP, deny to the rest of our main subnet, and permit everything else to go to our ASA 5510 that is serving as our gateway. From a laptop connected to the access point:
I'm able to ping the printer's IP
I'm not able to ping other workstations or our servers, as intended
I'm able to ping the ASA's inside interface
The only part I can't seem to pull off is the final part of getting the ASA to translate the IPs from the new subnet to the outside interface.
So we have:
Laptop > Wireless AP > Router with ACL > Primary LAN > ASA5510 > internet
PAT is working fine for the primary LAN, but the laptop can't hit the internet.
Jul 24, 2011
I am not sure if this can be done in asa 5510. Is there any way we can configure that when our public ip goes down i get an email?
Apr 16, 2011
How do I design a network setup and achieve failover in the scenario below?
(Vendor router)
L3-Switch ---- ASA FW1 ---switch-- Router 1 ------ MPLS cloud1 ----- Router A ------------ L3 switch
(Vendor router)
L3-Switch ---- ASA FW2 ---switch-- Router 2------ MPLS cloud2 ----- Router B------------ L3 switch
I am planning to achieve the failover in either of the following ways:
1) Configuring both ASA FWs in active/standby mode.
2) Configuring on ASA FW1 a tracking command pointing to the ISP end IP address so the traffic would be moved to the secondary firewall, by putting a route with AD 1 on ASA FW1 pointing to the ISP IP address and another floating route (with a higher AD value) to the secondary firewall interface.
3) Configuring HSRP between the routers.