I have one customer who is complaining about slow FTP sessions, and timeouts. Depending on the file size, it gets to about 98% down and hangs. The ASA has a CSC SSM-10 on it, and even bypassing FTP through it, the problem occurs. It is running 822-17-k8 OS. Turning the SSM off does not make any difference.
View 2 RepliesI have a Cisco 871w that has been a very great product for many years. I recently switched to Windows 7 x64 on my main machine and now i am having all sorts of issues with it.. I have done a bit of research and found that it appears that it might be the firewall on the SDM that is causing the slowness issues. what does happen is that downloads from known good sites will run really slow. If i hook up my Macbook Pro or my Windows XP laptop i have no issues at all. i have tried Disabling IPv6 as well as SMB2.0 and this has not resulted in a fix at this point.
View 4 Replies View RelatedI used to get speeds that exceeded 2 mb/s and now when i download steam games it fluctuates from 0 kb/s to 2.1 mb/s in an oscillating pattern. What is wrong with my internet? games that should take less than an hour to install now take 3.
View 2 Replies View Relatedi recently done a clean install of windows xp on this laptop after having vista on there for a couple of years and ever since doing this the download speeds have seemed so much slower im not sure weather its got to do with the OS or weather its just the internet has been slow since ive installed it. Im using wireless connection to connect to my router also.
View 2 Replies View RelatedI ran a speed test with my new DIR-655 connected to my PS3 and my download is 768kbps and my upload is 1.5mbps. However, my internet connection is 50mbps and 2mbps upload on my computer connected via LAN. While I understand SOME decrease, that's slower than the previous Wireless G router that I had.
I've reset the router twice and it's currently set to the factory defaults. I've even tried setting a static ip address for the PS3 and put it into DMZ mode. However, I'm still getting the slow speeds.
Also, my iPhone 4 is getting about 14mbps download and 2mbps upload. Is that expected?
We have had a shift in our work force and find a large number of uses now working from home. Lately (this weekend) they have been complaining about VPN client downloads being very slow. I have tested the IPSec client and the SSL client and compared them to an Internet download on the network using the exact same laptop and the exact same web site www.speednet.net. Here at the office I see 50M, over both VPN's I see (if I am lucky) 1M, all reading within a 15 minute period and all over the same 600M pipe to the Internet
We have never noticed this before this work force shift to home. Eliminating all other factors, which we think we have, would you expect VPN clients to behave this way?
MTU is set at default from day one. The only thing we have done to VPN configuration over the last week was to add a tunnel gateway to the ASA 5540 VPN configuration which is only a hop away from the firewall inside interface.
I will provide configuration data if you request but my question is just a general one at this point. Is this normal and can you make a suggestion as to how we can improve? We are research, running wireshark on the test laptop so as the day progresses we will have more information to provide if needed.
I just built a new computer with most of the bells and whistles. Asus P8Z77-V pro motherboard, Intel I7 3770K CPU, NVIDIA GTX 560TI, SSD for my boot drive, HDD for storage both running on SATA III, 16 GB of RAMMy problem is that when I connect to the internet via an ethernet cord, my download speeds are about 58 MBPS which is fine but upload speeds are only about .3 mbps. I have changed cables 3 times and connected directly to the modem rather than the router which would indicate an ISP issue. The kicker is that when I disable the LAN network and enable my wireless network, I get slower download speeds as expected but my upload speeds are closer to 5 MBPS, more than 10X times faster which throws my ISP theory out the window a bit.
View 1 Replies View Relatedthe download speed of my downloads has been very slow, and most of the RAR files I download get RAR CRC errors like theseMy desktop has no active firewall on, and is clean from Maleware.What could be the problem with so many bad CRC files being downloaded?
View 1 Replies View RelatedI have decent Bandwidth, high download speeds (25.67mbps) low ping(16ms) And okay upload speeds (4.47mbps). I usually browse Reddit and my father usually plays CoD. The problem is, whenever I try and download anything, his game slows down to where he gets kicked from the room.
View 3 Replies View RelatedOn certain downloads, Wifi speed seems to be throttled to about 100kB/s. I see this mostly on two BlackBerry Z10s, but also just saw it on my Wifi-connected PC when trying to download the latest DIR-655 firmware. The Z10s are screaming fast on Wifi at my work. They also do fine on YouTube and any other high bandwidth applications (I just tried Speedtest and got 11Mb/s). I think I can say that the slow speed is only when I'm downloading apps or updates on the phones.
I just updated my DIR-655 to the latest FW and have spent an hour flicking settings trying to find something that makes a difference. No luck. As it stands now, I'm downloading the latest OS upgrade to BB10 (345MB) at 100kB/s.
I recently switched to cable with Comcast. I am getting 20+Mbps wired, but I only get 1 Mbps w/wireless download. I am getting 4+ upload via wireless. Is my set up wrong? I reset my modem and Internet worked fine without any other changes. I am planning on buying a modem (instead of leasing) should I buy a gateway? I didn't think this router was out dated yet.
View 2 Replies View Relatedi have a 4Mbps DSL internet connection with 3 PCs connected through a router. 2 are connected wirelessly and the other is wired via an ethernet cable. i noticed that when downloading a file from an international server, the transfer rate on the wireless PCs is 2-3 times slower than on the wired PC. the wireless PC would get about 150-200kb/s, whereas the wired PC can max out to 450kb/s on a single download. however when i download from a local or nearby server instead, the transfer rate on the wireless and wired PCs are the same and can both reach up to 450kb/s per download. i don't understand why the wireless connection is slower to international servers compared to the wired PC.my wireless signal is at 54Mbps with "excellent" strength. i also tested the ping results from both the wireless and wired PCs to international servers and they are pretty much the same.
- all PCs are running windows XP SP3
- the modem/router is a D-Link 2640B
I am managing a firewall over remotely in my LAN itself. I started a continous ping to the Firewall IP and the response is less than 1 ms.
While applying some access control list to the firewall via putty ...Suddenly the latency is going hing and it is hitting xxxx ms. And also the acl are getting pasted on the screen by word by word. Sometimes i used to get some RTO for the Firewall IP Address inth eping response.
find the Firewall Version:
Cisco ASA 5510
Version : 7.2
Having more than 600 ACL's.
we have installed an asa 5510 with 3 interfaces : dmz (web server 172.20.0.59;application server 172.20.0.58; server mail 172.20.0.157), inside (lan) and outside (connected to a router for internet connexion). the problem is that the connexion internet is slow in the inside (lan). our dns is in the ouside with ip address x.x.x.60 ( the dns have translated addresse to inside and dmz 172.20.0.60). the router connected to our IPS have x.x.x.33 (our default gateway for internet). there is a simple switch between firewall and router. the inside interface of the asa is connected to catalyst cisco 6509 (the interface gigabit of the 6509 is configured to auto speed and duplex). the asa have base lisence.here is the configuration of the asa and the output of commandes show interfaces (inside, outside), show asp drop , show perform.
firewall# show run
ASA Version 8.2(1)
!
hostname firewall
domain-name xxx.xx
enable password dgft12ghkHKM123Z encrypted
passwd dgft12ghkHKM123Z encrypted
names
[code]...
I used the ASA 5510 and in these days, facing the problem is internet is very slow. When i check in real-time log viewer debugging, i found the following logs 6|Jun 29 2011|15:47:53|106015|123.123.123.123|416|111.222.111.222|80|Deny TCP (no connection) from 123.123.123.123/416 to 111.222.111.222/80 flags ACK on interface Inside 4|Jun 29 2011|15:47:53|106023|123.123.123.123|852|111.222.111.222|80|Deny tcp src Inside:123.123.123.123/852 dst Outside: 111.222.111.222/80 by access-group "Internal_access_in" [0x0, 0x0] a lot of log message are come out and I notice that 111.222.111.222 ip is try to attack my network. In that moment, my network is very slow and nearly to be down. When I block with that ip by access list, network is up again. But after a few moment, attack from other ip, it's so terrible and so tired to block a lot of ip by acl.
View 6 Replies View RelatedWe are using ASA 5510 with internet link of 40 MB. we are facing issue of slow download speed. we have done all basic troubleshootings like: fixed duplex full on interfaces, checked CRC reeors on interfaces.
we are using around 40 L2L VPN tunnels on same ASA.
In the restructuration of my company network we install due ASA 5510 in failover for the management of internal network and DMZ. We configure the ASA in routed mode, we create the sub interface for server, client and dmz subnet and we connect the firewall ti the network. Everything works very good except the intervlan routin. If i try to send or receive a file in every protocol, ftp, http, smb o if i try to conne with rdp or vns to an host in a different vlan the connection goes very very slow. I particular a ftp connection between two host goes ti 15kb/s. I check all cable and port for some error on duplex ro speed, end all the uplink are 1gb and the single client connection 100Mb. I know that the main purpose of the ASA is not doing routing stuff but this behavior is very strange.
View 1 Replies View RelatedWe have an ASA 5510 and are experiencing unbelievably slow speeds. I noticed a problem last Thursday with users complaining of slow speeds and realized our interface had a ton of errors and was running at half duplex. I contacted the ISP (we are connected to their 3750) and they swore up and down they were set to full. So they had me switch to full and the interface shut down. I asked them to switch to auto and the interface came back up and we went to full, and of course the errors and colisions stopped. However the errors and packet drops have not stopped. The ISP sent out a technician and they determined it wasn't a problem on their end by plugging in a laptop and testing the speed--that worked fine. Eventually I plugged in a Sonicwall and bypassed the ASA completely and that worked fine. We plugged the ASA back in and we we went back to dropping packets. I put an old config on the ASA and oddly enough it seemed to have fixed the problem but we were still dropping packets. So I put the most recent config back on and that worked fine up until today. We're back in the some boat we were last week. So my first question is when I do a show int and see packets dropped - is that normal because of ACLs etc, or would that be show in another place? Here's an output of show int and show asp drop:
HQ-ASA# show asp drop
Frame drop: Flow is denied by configured rule (acl-drop) 3366 NAT-T keepalive message (natt-keepalive) 423 First TCP packet not SYN (tcp-not-syn) 406 TCP failed 3 way handshake (tcp-3whs-failed) 135 TCP RST/FIN out of order (tcp-rstfin-ooo) 462 TCP SYNACK on established conn (tcp-synack-ooo) 46 TCP packet SEQ past window (tcp-seq-past-win) 50 TCP invalid ACK (tcp-invalid-ack) 9 TCP Out-of-Order packet buffer full (tcp-buffer-full) 29 TCP Out-of-Order packet buffer timeout (tcp-buffer-
[code]....
I have not made any configuration changes to the ASA ina couple of months. The interface counters were cleared about 45 minutes ago if that's how quickly the errors/packet drops are adding up.
I have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no different.
Running into a bit of a problem. Anytime I try to download a large file through our 5510 the download fails at different points. Cannot download via a download manger at all. I see nothing in the logs which are set to infomational.
I can connect my laptop to our internet connection outside the firewall and HTTP and download manager downloads connect and finish just fine. I go through and scrub my config for posting?
I Have a 2821 Router with a IOS Version 12.4(13r)T. When i enabled the firewall, my download speed slows down to 10-20kbps (the normal is 5-6 Mbps).
View 11 Replies View RelatedI got a stange vpn problem, just added a new vpn tunnel to our ASA5510 and then the users report that the traffic through the tunnel is very slow, when I try it myself I get a speed like 50kb/sec to the internal server.If I use our regular tunnel or any other tunnel the speed is just fine. I´ve added the new tunnel in the same way as the other tunnels, that is thorugh ASDM vpn wizzard.
View 2 Replies View RelatedI am experiencing slow throughput on a L2L IPsec tunnel that we have between one of our offices on the west coast (WC) US and another on the east coast (EC) US. The tunnel endpoint on the WC resides on a 5510 and a 5545x on the EC. The DIA circuit speed on the WC is 45 Mbps and 200 Mbps on the EC. The throughput of this IPsec tunnel is maxing out at approx. 4 – 5 Mbps. The utilization of the DIA circuits at both offices is under 5% when running various FTP test transfers. Both devices have low memory and CPU utilization.
We have a 2nd office on the EC (45 Mbps DIA) which I built a tunnel on a 5510 with the WC office and it is experiencing the same slow throughput. In covering all my bases we have a colocation facility on the WC and in building a tunnel between the 2 WC offices I WAS seeing close to full line rate speeds over the tunnel. Additionally, I built a tunnel between the 2 EC offices and I saw full line rate speeds. With the physical distance between the WC & EC offices I would expect some loss in throughput speeds but I would not expect it to drop as low as 4 – 5 Mbps. In thinking something may be up with the 5510 in our WC office we shipped a 5505 to the WC office and we built the same IPsec tunnels on it and it is experiencing the same.
In working with our support vendor to try and solve the WC <-> EC throughput issue they had me change the MTU, TCP mss, DF-bit, types of encryption/hash on the IPsec tunnel but nothing has resolved it. We are not showing fragmentation or PMTU issues on the tunnel. In contacting the ISP of our WC office they mentioned that they do not have any type or rate limiting in place. Our WC ISP had a CCIE review our configurations but nothing was found.
I have a 100mbps internet connection from my ISP but once the connection hits the ASA the download speed gets reduced to 15mbps. My network is setup as follows: ISP Modem ---- Edge Switch ----- ASA --- Internal Cisco Switches
If I plug my computer into an extra port on the Edge Switch I get speeds around 92mbps with normal traffic still going to the ASA. But when I plug into the ASA and internal switches I have speeds of 15mbps.
I have made sure that duplex/speed match on the links. I have done packet captures and within two minutes I do have several dup acks and retransmissions. The retransmissions don't seem to match the dup acks. (The retransmission is not for the dup ack requested so the dup ack keeps being resent)
The only interface error is on the inside interface which includes 700 overruns in a weeks worth of time.I am not using an IPS/IDS. I do have several vpns on it but was not going through a vpn tunnel. I am also using NAT.I am using an ASA 5510 8.2(1)
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments.I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.s there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
VLAN 1 - hosts 1.1.1.5 and 1.1.1.6VLAN 2 - hosts 1.1.1.7
Firewall DMZ Interface - 1.1.1.1VLAN 3 - hosts 1.1.1.8 and 1.1.1.9
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.I'm working with an ASA 5510 running 8.2.4(4).
I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.
View 6 Replies View RelatedWe were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies View RelatedI would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
View 23 Replies View RelatedI am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
View 1 Replies View RelatedI have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
I have just configured identity firewall on our ASA 5510.I have 3 nodes that authenticates against Active Directory, using the Windows Server 2008 R2 builtin Network Policy Server: A laptop, a stationary PC, and a Android Phone. All 3 nodes are authenticated using the same user/password.
Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to it, namely the laptop and the stationary PC.But not the Android phone.
Then it dawned on me. To set up the ADAgent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuraton part of the Group Policy.This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work.So my Android phone and other nodes not a member of the AD Machine Store will never be detected by identity rules, and can roam the network free.
I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9 but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same sub net(V lan) as the host and it's default gateway? The reason I'm doing this is were installing UAG (or Direct Access) and the UAG appliance need to have public IP's but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505's running 8.2) it almost seems like i need to have the transparent firewall 'in-line' to the ISP router?, but this router services another IP address range on another v lan for other (routed) firewalls (not shown on diagram) so putting it 'in-line' is not possible. Surely this can't be the case can it? If not how is it supposed to be cabled up and configured so packets go through the firewall?