Cisco Firewall :: Slow Internet Connection Behind ASA 5510 IOS 8.2?
Jan 28, 2012
we have installed an asa 5510 with 3 interfaces : dmz (web server 172.20.0.59;application server 172.20.0.58; server mail 172.20.0.157), inside (lan) and outside (connected to a router for internet connexion). the problem is that the connexion internet is slow in the inside (lan). our dns is in the ouside with ip address x.x.x.60 ( the dns have translated addresse to inside and dmz 172.20.0.60). the router connected to our IPS have x.x.x.33 (our default gateway for internet). there is a simple switch between firewall and router. the inside interface of the asa is connected to catalyst cisco 6509 (the interface gigabit of the 6509 is configured to auto speed and duplex). the asa have base lisence.here is the configuration of the asa and the output of commandes show interfaces (inside, outside), show asp drop , show perform.
firewall# show run
ASA Version 8.2(1)
!
hostname firewall
domain-name xxx.xx
enable password dgft12ghkHKM123Z encrypted
passwd dgft12ghkHKM123Z encrypted
names
[code]...
View 3 Replies
ADVERTISEMENT
Jul 4, 2012
We are using ASA 5510 with internet link of 40 MB. we are facing issue of slow download speed. we have done all basic troubleshootings like: fixed duplex full on interfaces, checked CRC reeors on interfaces.
we are using around 40 L2L VPN tunnels on same ASA.
View 3 Replies
View Related
Jan 16, 2012
We have an ASA 5510 and are experiencing unbelievably slow speeds. I noticed a problem last Thursday with users complaining of slow speeds and realized our interface had a ton of errors and was running at half duplex. I contacted the ISP (we are connected to their 3750) and they swore up and down they were set to full. So they had me switch to full and the interface shut down. I asked them to switch to auto and the interface came back up and we went to full, and of course the errors and colisions stopped. However the errors and packet drops have not stopped. The ISP sent out a technician and they determined it wasn't a problem on their end by plugging in a laptop and testing the speed--that worked fine. Eventually I plugged in a Sonicwall and bypassed the ASA completely and that worked fine. We plugged the ASA back in and we we went back to dropping packets. I put an old config on the ASA and oddly enough it seemed to have fixed the problem but we were still dropping packets. So I put the most recent config back on and that worked fine up until today. We're back in the some boat we were last week. So my first question is when I do a show int and see packets dropped - is that normal because of ACLs etc, or would that be show in another place? Here's an output of show int and show asp drop:
HQ-ASA# show asp drop
Frame drop: Flow is denied by configured rule (acl-drop) 3366 NAT-T keepalive message (natt-keepalive) 423 First TCP packet not SYN (tcp-not-syn) 406 TCP failed 3 way handshake (tcp-3whs-failed) 135 TCP RST/FIN out of order (tcp-rstfin-ooo) 462 TCP SYNACK on established conn (tcp-synack-ooo) 46 TCP packet SEQ past window (tcp-seq-past-win) 50 TCP invalid ACK (tcp-invalid-ack) 9 TCP Out-of-Order packet buffer full (tcp-buffer-full) 29 TCP Out-of-Order packet buffer timeout (tcp-buffer-
[code]....
I have not made any configuration changes to the ASA ina couple of months. The interface counters were cleared about 45 minutes ago if that's how quickly the errors/packet drops are adding up.
View 3 Replies
View Related
Oct 31, 2012
I had an experience this week of installing a 5510 ASA with 8.4.3, also tried 8.4.4(1) with the strange effect that I randomly was losing contact with the internet. The interface stayed up/up. no errors or what so ever on the interface. Reseat of the DSL wire no result. Reseat of the outside interface cable made it work again. And after some time lost connectivity again. It did not recover by itself so had to let someone do a reseat again and again and.... The outside was using DHCP client. A lease was given and an IP also. Nothing strange to find. Talked to the provider which could see the DSL and the DHCP lease. Finally I downgraded the firmware to 8.4.2 and the problem was solved.
output
interface Ethernet0/0
nameif outside
[Code].....
View 1 Replies
View Related
Nov 14, 2012
I'm owner of Cisco RV082 router and I have a problem with firewall setup.I would like to deny internet access on port 80 (all sites) for group of users, and allow them internet access for one site by HTTPS (443)After applying rules internet connection is really slow.. Users have to wait something like a 30 sec for a website..I descovered that the reason for slow internet connection is DENY rule. After disbling DENY rule everything works fine..Now I have a few rules added to firewall:
Priority:1 Action: Deny Service: HTTP(80) Source interface: LAN Source:10.82.0.51-10.82.0.245 Destination: Any
Priority:2 Action: Allow Service: HTTPS(443) Source interface: LAN Source: 10.82.0.51-10.82.0.245 Destination: 80.64.59.42
What's wrong with those firewall settings?
View 1 Replies
View Related
Jan 3, 2012
so i have a ASA 5510. The ASA is Connect with the Internet through PPOE DSL MODEM
The outside Interface get an IP. The Inside Interface get through DHCP from the ASA the Internet DNS SERVER (T-Online) But the HOST do not connect to the Internet because the DNS Server is timed out
Code...
View 10 Replies
View Related
Apr 10, 2011
Using Cisco ASA5510 Security Plus (Post May 2010) with 8.2(1)
I was trying to limit the number of internet IP Address that can initiate Remote Access VPN connection to the firewall. I have plan to only allow internet IP Address from few ISPs for control.
However, blocking AHP, ESP, ISAKMP, NON500-ISAKMP, and IPSec Over TCP Port Assigned in the firewall outside interface doesn't work. But it works by putting the ACL in the router before the firewall. It seems that the firewall have a "hidden" process VPN first before user entered ACL (or explicit rule), similar to Checkpoint FW's implied rule. How to get around it?
View 4 Replies
View Related
Mar 21, 2011
I have one customer who is complaining about slow FTP sessions, and timeouts. Depending on the file size, it gets to about 98% down and hangs. The ASA has a CSC SSM-10 on it, and even bypassing FTP through it, the problem occurs. It is running 822-17-k8 OS. Turning the SSM off does not make any difference.
View 2 Replies
View Related
Nov 27, 2012
I am managing a firewall over remotely in my LAN itself. I started a continous ping to the Firewall IP and the response is less than 1 ms.
While applying some access control list to the firewall via putty ...Suddenly the latency is going hing and it is hitting xxxx ms. And also the acl are getting pasted on the screen by word by word. Sometimes i used to get some RTO for the Firewall IP Address inth eping response.
find the Firewall Version:
Cisco ASA 5510
Version : 7.2
Having more than 600 ACL's.
View 4 Replies
View Related
Jun 28, 2011
I used the ASA 5510 and in these days, facing the problem is internet is very slow. When i check in real-time log viewer debugging, i found the following logs 6|Jun 29 2011|15:47:53|106015|123.123.123.123|416|111.222.111.222|80|Deny TCP (no connection) from 123.123.123.123/416 to 111.222.111.222/80 flags ACK on interface Inside 4|Jun 29 2011|15:47:53|106023|123.123.123.123|852|111.222.111.222|80|Deny tcp src Inside:123.123.123.123/852 dst Outside: 111.222.111.222/80 by access-group "Internal_access_in" [0x0, 0x0] a lot of log message are come out and I notice that 111.222.111.222 ip is try to attack my network. In that moment, my network is very slow and nearly to be down. When I block with that ip by access list, network is up again. But after a few moment, attack from other ip, it's so terrible and so tired to block a lot of ip by acl.
View 6 Replies
View Related
Jul 21, 2011
In the restructuration of my company network we install due ASA 5510 in failover for the management of internal network and DMZ. We configure the ASA in routed mode, we create the sub interface for server, client and dmz subnet and we connect the firewall ti the network. Everything works very good except the intervlan routin. If i try to send or receive a file in every protocol, ftp, http, smb o if i try to conne with rdp or vns to an host in a different vlan the connection goes very very slow. I particular a ftp connection between two host goes ti 15kb/s. I check all cable and port for some error on duplex ro speed, end all the uplink are 1gb and the single client connection 100Mb. I know that the main purpose of the ASA is not doing routing stuff but this behavior is very strange.
View 1 Replies
View Related
Feb 15, 2012
I have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no different.
View 6 Replies
View Related
Nov 5, 2011
I have problem with my Internet connection. Recently my Internet connection often get slow. There are 3 connections on the server running Windows Server 2003. 1st is External, 2nd is Internal and 3rd is VPN (please see attahement). There is nothing to do with External and Internal connections, and everytime the Internet connection get slow, I have to disconnection VPN (connection) and connect it again.
View 5 Replies
View Related
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
View 9 Replies
View Related
Jan 24, 2011
We have a 4mbps unlimited connection and the internet speed which is connected via wireless to 2 systems, is good in one system out of two. the connection in one alone is very slow i mean dead slow.
View 2 Replies
View Related
Apr 26, 2012
For the past two weeks or so, my internet connection on my pc has become extremely slow(from 200kb to 10). Not only has it gotten slower, i also cannot download anything without the connection stopping. The problem, i believe began a couple months ago with just youtube videos streaming slower and downloads stopping ever few minutes, but until these past two weeks its never been that much of a issue. I know the problem is isn't my dsl because it works fine with other internet capable electronics so it must be a software/driver issue.The svchost uses up 100% of the CPU when something tries to update so it likely might be a windows based program acting up.
View 7 Replies
View Related
Dec 20, 2011
I have just put an ASA5510 in place and have the following setup:
Interface Ethernet0/0
nameif outside
security-level 0
ip address dhcp setroute
[Code]....
I have connected my stations to an ESW540 inside of the Int Eth0/1 and am able to get ip addresses to the stations as well as DNS addresses. I cannot however connect to the outside connection in any way. From a computer connected to the ESW540 with a DHCP assigned IP address, I can ping the computer's IP, the ESW540's IP, and even 192.168.15.1. But I cannot ping the ip address from the Int Eth0/0, nor anything beyond 192.168.15.1.
From inside of the console of the ASA, I can ping all addresses of all ports as well as devices outside of the building and inside of ESW540.
View 6 Replies
View Related
Feb 21, 2013
I have my router connected to my ISP, but for some reason I am getting really slow internet connection compared to a home Linksys router. I can only think it may be to the fact my port is set to auto speed and auto duplex.
Sometime the websites are fast, other times slow. Cannot seem to pinpoint the reason since my code is so basic.
View 8 Replies
View Related
Jan 22, 2011
I've connected my 3 pc's to share file printer and internet using peer to peer connection but on the clients pc the internet connection is soooo slow? my two computers are windows XP an d one Windows7.
View 1 Replies
View Related
Apr 28, 2012
I'm suffering with this annoying internet connection for a months. I'm using a router (tp-link) which I think the source of the problem ,yet I'm not sure. I'm a connected to the router via cable.My download speed is 10kps and below, we already contacted our ISP and change the cable yet the problem is still there.
View 5 Replies
View Related
Nov 26, 2011
I subscribe to Comcast internet service, at 10 mb/s. When connected wirelessly on my HP laptop, my internet is painfully slow, around 490 kb/s. However on my other laptop (a Sony VAIO) the internet speeds (wireless as well) are fine. Also, when I connect the HP by ethernet, the internet motors along at full speed. My specs are below[CODE]
View 1 Replies
View Related
May 20, 2011
I recently upgraded my internet speed to 10 MB (used to be 5) but the internet speed in my PC got slower.I ran a speed test and the download rate was 2 MB while on my laptop it was 10 MB. My PC is clean of viruses and its connected to the integrated router via cable.
View 5 Replies
View Related
May 28, 2011
I have got ADSL 196kbps PPPoe internet connection and lately there has been some problems with it. Sometimes the internet connection disconnects itself and again reconnects. And the internet connection is getting very slow. While downloading, I am able to download at full speed only at those download providers which provides full speed but at other download providers I am able to download with not even half speed. While browsing, the internet loses connectivity sometimes and from my guess I am able to browse with only half the speed. I have tried in different browsers and it is same with all of them.
View 14 Replies
View Related
Mar 3, 2013
For some reason my internet connection went slow overnight one day it was fine the next it loads pages really slowly at all times of day. Not sure what changed but it is really annoying. I checked that my router is ok and tested the speed and it is as it was before - average speed 2mbps.I've only had this hp laptop a year and I am running windows 7.
View 14 Replies
View Related
Aug 8, 2011
I live in a converted garage at the end of a garden which has a wired connection to the router in the main house. The connection speed is spotty and fluctuates between downloading at around 100-200kBs and having a ping of around 30 in online games (rare) or download rates measure in bytes (normal). Google takes about 10 seconds to load and I can't access steam. I was wondering if this was due to the length of the cable running the length of the garden (about 20m) or some other issue - it is not the computer as I get the same result with my laptop and my desktop, both of which have no trouble when connecting in the main house.
View 5 Replies
View Related
Nov 8, 2011
Yesterday, my linksys router broke down suddenly. I went to the store and bought a new one, a d-link DIR-615. After plugging it in and setting it up, i tried loading web pages and it worked ok. It wasn't as fast as my linksys router but it was fine. When i tried loading youtube videos, that wasn't the same story. The videos didn't load. It started playing but then stopped after a couple of seconds. When i connected my computer directly to the modem, the videos loaded fast. There seems to be something wrong with the video streaming.
View 9 Replies
View Related
Oct 17, 2011
So Today, a few hours ago i decided i was going to clean things up a bit on the computer, so i ran raxco perfectdisk defragger, disk cleanup, ccleaner/ccleaner registry fix a couple of times and windows defrag. So after that, the computer was running amazingly fast, but the internet was suddenly really slow, and youtube videos especially are taking a very long staggering time to load up, when usually my internet connection is average, i have unlimited downloads on my contract so it cant be that and its the temporary internet files and cache either, just cleared it all.
View 3 Replies
View Related
Jan 31, 2012
I recently had a firewall that wasn't passing traffic (ASA 5510 running software version 9.1).It turned out it had 130000 active connections. Doing a "clear conn port 53" dropped the active connection count back to 38k, and the firewall started passing traffic again.
View 7 Replies
View Related
May 17, 2012
My firewalls are running in multiple context mode.According to my troubleshooting, the problem happens because of the following things:
1- The host 10.15.5.100 do a telnet to 10.0.6.100 using the default gateway that is the context firewall C2;
2- The packet go to the C2 and is forward through the interface e0/0 (direct connected);
3- The packet is delivered direct to the host,without passthrough the context firewall C1;
4- The host receive the packet and return the answer to the source host 10.15.5.10 using the default gateway 10.0.1.10;
5- The packet is received by the context firewall C1 and is dropped with the reason Deny TCP (no connection) syn ack;
I think the the problem is on step 4, the context C1 receive a packet that didn't pass by it before. Am I right?
View 2 Replies
View Related
Sep 19, 2011
i have a 5510 with SDM 8.2.5 from clients connected to LAN i cant open a VPN connection! (using windows client L2TP or PPTP) there is not rules tho block this ports, why i cant connect?
my configuration:
FIREWALLP01# show running-config
: Saved
:
ASA Version 8.2(5)
!
hostname FIREWALLP01
domain-name MAIOR.local
enable password 28kg/dOQX80WtMHA encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code]....
View 1 Replies
View Related
Feb 7, 2013
i've two cisco asa5510 with 4 FastEthernet interfaces each.They are connected as below:
[code]...
to three different ISP each of them! The 4rth interface of each of them, is connected to internal LAN network. Both Firewalls, offers VPN Services to ISP connections on Fa0/0
How can i achieve high availability for this scneario?is this possible to implement some HighAvailability and to offer the actual services to each of them, in case that the other firewall fail?What about using subintefaces? can i connect bothe ISP and Customers links on one or each of them, in case that firewall01 fails, all the services to be online on firewall02?
View 1 Replies
View Related
Oct 29, 2012
I have this box. I have few questions about it.
1) Will I be able to update firmware (from 8.2 to 8.3 or higher for example) without smarnet for ASA 5510? And what can not I do without smartnet?
2) I have only AIP-SSM-10 module to this asa 5510. is there a smartnet for it, too? And when I buy only module is there build in a 1 year subscription for IPS signatures?
3) If I have Cisco ASA 5510 base license, will my IPS on AIP-SSM-10 work?
4) Also I'm planning in a year buy one more 5510 with same module and put ther in failover. Will I really need Security Plus license for failover (Active/Standby)? For Active/Active I know that I need one, yes?
View 5 Replies
View Related
Dec 19, 2012
I'm currently facing a problem with my NAT configuration.When I configure my router Cisco 18xx (see description below) computers behind the nat have a slow connection to internet.But when I deactivate NAT translation the connection works fine.
[code]....
View 4 Replies
View Related
