Cisco Infrastructure :: ASA 5510 - Plug In And Internal Switches Have Slow Speed?

Jul 19, 2012

I have a 100mbps internet connection from my ISP but once the connection hits the ASA the download speed gets reduced to 15mbps. My network is setup as follows: ISP Modem ---- Edge Switch ----- ASA --- Internal Cisco Switches

If I plug my computer into an extra port on the Edge Switch I get speeds around 92mbps with normal traffic still going to the ASA. But when I plug into the ASA and internal switches I have speeds of 15mbps.
 
I have made sure that duplex/speed match on the links. I have done packet captures and within  two minutes I do have several dup acks and retransmissions. The retransmissions don't seem to match the dup acks. (The retransmission is not for the dup ack requested so the dup ack keeps being resent)
 
The only interface error is on the inside interface which includes 700 overruns in a weeks worth of time.I am not using an IPS/IDS. I do have several vpns on it but was not going through a vpn tunnel. I am also using NAT.I am using an ASA 5510 8.2(1)

View 4 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5510 Internet Download Speed Is Very Slow

Jul 4, 2012

We are using ASA 5510 with internet link of 40 MB. we are facing issue of slow download speed. we have done all basic troubleshootings like: fixed duplex full on interfaces, checked CRC reeors on interfaces.
 
we are using around 40 L2L VPN tunnels on same ASA.

View 3 Replies View Related

Cisco Switching/Routing :: Can Plug GLC-T Into N7K-F248XP-25 And Set Speed At 100Mbp

Oct 21, 2012

Looking to deploy N7K-F248XP-25s in N7K-C7009s, because the cost and value are really good, however I have some 100Mbps copper connections I'll likely be stuck with for a while.  So... can I plug a GLC-T into a N7K-F248XP-25 and set the speed at 100Mbps?

View 1 Replies View Related

Broadband :: Webpages Slow / Plug In Not Responding?

Apr 9, 2012

this window appears now and then: This plug in wont respond, do you wish to interrupt Unknown ?

View 1 Replies View Related

Routers / Switches :: Plug A 8 Port Switch Directly?

Sep 27, 2011

I have a Modem/Router combo and am trying to plug an 8 port switch directly into it and then have wireless AP's and other hardwired devices plugged into the switch. Normally, when I plug a switch into a router it requires no set up. This one on the other hand, will not work.

View 7 Replies View Related

Linksys Wireless Router :: WRT54G Speed Test Shows Slow Speed

Nov 6, 2011

I have a Arris DLS with 12 Mbps Download and when I Connect my laptop directly I get the same speed as 12 Mbps but when I do the speed test with my linksys I get only 5 Mbps. How to upgrade to the new WRT54GL or WRT54GS?

View 1 Replies View Related

Belkin Basic USB Wireless Adapter / Very Slow Download Speed - Upload Speed Is Fine

Jan 11, 2011

Recently my desktop has experienced very slow download speeds (~0.11 Mbps), however the upload speed appears to be in line (~2.0Mbps). These numbers are taken from Comcast's speed test (my ISP). It is obviously a problem with my PC because everything else on the network (PS3, Laptop) have great signals with no problems. I just recently reverted the Desktop back to its factory state, and everything was working fine for a couple of months. The desktop in question uses Vista 32-bit and the Belkin Basic USB Wireless Adapter.

View 1 Replies View Related

D-Link DIR-655 :: Download Speed Fine But Upload Speed Is Way Slow?

Mar 17, 2011

I live in the tampa bay area, I have bright house (BHN) as my service provider, which provides a Road Runner Lightning (40/5) package.  I previously used BHN's top tier (20/2) back in July (and prior) with no problems.

After converting to Lightning in August of this year (2010).  Of course, BHN (and every other provider) wants to force a modem/router down your throat, so I had them bridge it (in short, turn it into a dummy modem with no routing). I had an SMC branded modem gateway at the time.  I work from home 2 days a week (so I can spend more time with my kids during morning, lunch, right after work) and this requires me to use QoS to ensure my VOIP work calls don't get dropped, if the family is watching youtube videos or watching netflex. 

My network was as follows SMC Modem >WAN IP>>WAN Port>>D-link DIR-655>>Switch Ports>PC1, PC2, PC3

Everything seemed fine (from a usability stand point) till about 2 weeks ago when my upload speed seemed to grind to halt.  Normally I was able to upload about 200-300K per second, and I noticed this dropped to about 45K per second during a drop box upload.   First thing I did was power cycle both my modem and router (in the proper/usual order).  After they both come up, I start using speed test to find out what my upload speeds were.  I was getting about 39Mbps down, but only .56Mbps up still.  I factory reset my router.... test, similar speeds.  Power cycle all computers (just in case), and then modem/router.  Tested, similar speeds.   Updated the firmware to the latest. Same issue

Called BHN customer service, they factor reset it, but it wasn't in bridge mode.  If I by passed the 655, in factory mode (non bridge mode) upload speeds returned to better than expected states.  If I bridged the cable modem, upload speeds seemed to crash.

Had BHN replace the modem, seemed fixed for a day, then issue came back.  Had them come back out and replace it again, this time with a Motorolla Surfboard modem... same issue.  Fine during factory reset, however after they bridge the modem, upload speeds were fine.  Told BHN I would take it from there.. Connected up the DIR-655, and upload speeds crashed again. (.6Mbps).  Called D-Link Support, and the Chinese English speaking rep seemed to not be listening to me and tried to have me adjust my MTU as well as Wireless settings.  Long story short... the rep was a level 0 id10t and I hope D-link will consider hiring better employees/contractors.  So I was all about to give up and replace it with a DD-WRT capable router (which it takes me a lot to want to swap hardware), when I discovered the wan shaping was on.  Which I thought to myself... nah... QoS has never messed up before... why would it be the cause.  Turned off wan shapping... and voila.  Issue seemed to be insta-resolved.

Unsatisfied with that... I decided to dig a lil deeper. I turned on Wan shaping again, but decided to set the settings manually instead of auto detect.   

Here are the settings I used... (Advanced Tab>QoS)
Enable Traffic Shaping - Checked
Automatic Uplink Speed - Unchecked
Manual Uplink Speed - 5000
Connection Type: Cable or Other Broadand Network

Enable QoS Engine - Checked Automatic Classification - unchecked (this checked seemed to affect my upload speed by about 5-10% during testing) Dynamic Fragmentation - unchecked (this checked seemed to be the worse enemy for upload speed)

While I know I'm not any network guru (still have to use a subnet calculator for subnetting), I think I did a pretty good job drilling down the issue (once I got passed my service provider replacing modems).

Anyways, I've had overall good luck with D-Link products, even have a 5 port 10/100 switch (all metal) from 1998 that works great.  Hopefully, D-Link will just either put more documentation on the web, or hire better employees.

View 3 Replies View Related

Slow To Access Internal Sites Via External IP

Jul 17, 2012

Our secondary site accesses the internal intranet via a link, which is basically:

[URL] where externalip is the IP address of my router.

* This used to work fine before we migrated from ADSL (6mb up / 0.5mb down) to Fibre(70mb / 20mb) *

Internally, I access the same link, but via [URL] Internally it loads in 2 seconds, externally it is taking 68seconds(ish)..

I can't work it out, the fibre shouldave made things loads quicker but is infact very slow. I'm wondering if something network wise is going on.

The intranet is a php intranet sitting on apache, and using postgresql as the database. Other pages load fine, this specific index.php page does quite a lot of DB connections and so on, but as I say before, it worked fine before the migration.

View 1 Replies View Related

Cisco Infrastructure :: 3825 Can't Save Modem Speed Settings On Aux 0

May 15, 2011

I try to change modem speed from 1200 to 19200 on aux 0 interface.But I can't save the settings using "write memory" In show running-config, I can see modem speed successfully changed.
 
Cisco3825's OS information is here. c3825-spservicesk9-mz.124-25b.bin

View 3 Replies View Related

Cisco Infrastructure :: CS2811 - Maximum Speed Supported For IMA Service Provided

Dec 14, 2011

Can we use all four E1 (i.e.  8Mbps) connections for IMA on IMA-4E1 card in a CS2811 router. What is the maximum speed supported for IMA service provided?

View 3 Replies View Related

Linksys Cable / DSL :: WAG54G Internal Switch Get Very Slow At Connecting

Jan 30, 2012

All of a sudden, the router's internal ethernet switch has started to get very slow at connecting to local machines. I can observe the connection fading in and out on each connected machine for up to half an hour until it gets stable. None of the settings have been changed lately.When I use WI-FI, the problem doesn't occur.

View 2 Replies View Related

Cisco Infrastructure :: 1921 / Implement Dynamic QoS Between Two Sites Across Low Speed WAN Link (512k)?

Jan 15, 2013

I have a trouble to implement dynamic QoS between two sites (Site A, and site B) across low speed WAN link (512k). On each site I have Cisco 1921 router. Most important app is Oracle. Because of slow speed WAN links, I want to avoid exact bandwith reservation for Oracle. I only reserve 5% bandwith for network control(icmp, ssh, telnet...) and want configure next Qos scenario:
 
1. If Oracle traffic exist on a network, it must have 70% of link speed guaranteed, all other apps (e.g mail, file share, ftp) use rest of the bandwith.

2. If there isn't Oracle traffic on a network, all other apps can use all available bandwith.
 
Issue descrtption:I used all Cisco guides, but when I implemented this on production it simply didn't work. There is no any significant improvement after implementing this (when I start network file sharing accross wan link, Oracle becomes etremly slow.).Here is configuration wich I trying to implement:
 
ACL-s and class-maps used to mark traffic:
 
access-list 119 remark ###QoS-MGMT###
access-list 119 permit tcp any any eq 22
access-list 119 permit tcp any any eq telnet
access-list 119 permit icmp any any
access-list 120 remark ###QoS-DB_ORA###

[code].....

View 5 Replies View Related

Cisco Firewall :: ASA 5510 / PAT Different WAN IP Tp Internal Host?

Dec 14, 2012

We just changed ISPs and now have a /29 routed subnet to be used on our ASA 5510 (8.4) instead of the one public ip we had before.There are a couple of PAT translations that were previously setup on the "interface" address which i now want to assign to a different ip address further in my subnet.

So i just changed this:

object network BMMM
nat (inside,outside) static interface service tcp smtp smtp
 to:
object network BMMM
nat (inside,outside) static other.external.ip.in.subnet service tcp smtp smtp
 
And assumed that this would work,y it does not, and this leaves me unable to contact that machine from the outside.And shoud i also change my access-list?The relevant access-list rule is:access-list outside_in extended permit tcp any object BMMM eq smtp

View 5 Replies View Related

Cisco Infrastructure :: Reconfigure ASA 5510 Outside Interface?

Aug 5, 2012

We recently upgraded our bandwidth and I have to change the ip address on our ASA 5510. I just want to make sure that I am doing it right. All I will need to do is open up the ASDM and under confiugration go to interfaces and make the needed changes to the outside interface. Then under routing I will make the gateway IP change on the outside interface.

View 4 Replies View Related

Cisco VPN :: ASA 5510 / How To Provide Only RDP Access To A VPN Users To Internal PC

Sep 27, 2011

we have a ASA 5510 firewall and i have created remote vpn user who connects the internal network via vpn any connect after connecting i want him to only access his internal PC via rdp and not access other internal website or shared folders without connecting to the RDP however now he can access the internal website wihtout connecting to RDP?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Communication Between Two Internal Interfaces

Jun 11, 2013

I've been following most of the comments in regarding how to allow communication between two internal networks on a ASA5510 8.2.5 But I am still a little confused about to how to set my firewall. I made chages to it and still do not have the desired results.
 
I need to allow comunication between Interface 0/1 and Interface 0/2. See configuration file with fake or dummy ip address below.
 
ASA Version 8.2(5)
!
hostname ciscoasa
domain-name lxx.com

[Code].....

View 1 Replies View Related

Cisco WAN :: 5510 To Add A Static Nat To Allow Access To Internal Webserver

Mar 20, 2011

ASA 5510I'm trying to add a static NAT for to allow access to an internal webserver on my DMZ.  I've added the config, however i'm still unable to get to it from the outside.  I'm able to ping and browse the server from the LAN and I'm also able to ping the external interafce from the outside, but just unable to browse.I've turned on logging and the error I'm getting is "Inbound TCP connection denied...flags SYN on interface outside"

View 0 Replies View Related

Cisco VPN :: ASA 5510 - Internal IP From Sonicwall LAN / Setup A VPN Tunnel?

Nov 5, 2011

I am trying to setup a VPN tunnel between a Cisco ASA 5510 (Version 8.2(2)) and Sonicwall TZ200. I got tunnel up and going and I am able to ping the Cisco ASA internal IP from the Sonicwall LAN but nothing else works.

When I try to ping a host behind the Cisco ASA from the Sonicwall LAN I get the following message "Asymmetric NAT rules matched for forward and reverse flows;

[code]...

View 14 Replies View Related

Cisco Wireless :: ASA 5510 NATing 2 Internal IPs To 1 Public IP

Apr 27, 2013

I have a doubt on how do nat 2 internal ip addresses to 1 public ip for FTP uses.
 
As I know Cisco ASA cannot use to nat 2 internal ips to 1 public ip as the ASA cannot read the host header. It there anyway to control it by using acl or network object group?
 
My current configuration for nat 1 internal ip to 1 public ip:
 
static (firewall-dmz,firewall-outside) tcp 210.19.xx.xx 21 172.16.101.11 21 netmask 255.255.255.255  dns

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - How PAT With One Public IP To Two Internal Servers

Sep 18, 2012

I've tried a bunch things but it didn't work, I'm about to gave up! :-/
 
I have the following scenario:
 
ASA5510 - v8.3(2)
 
Interfaces
ETH0/0 = outside  = 189.xxx.xxx.129
ETH0/1 = inside = 10.xx.1.15

[Code]....

What should I do to get the SIP and 8080 port working on my Public IP, likewise just as access from my browse the http://189.xxx.xxx.129:8080 and get through directly to my internal server 10.xx.xx.61 ?

View 5 Replies View Related

Cisco Firewall :: Routing To Internal Subnets From ASA 5510

May 17, 2012

Having trouble with a couple items.  First of all, should I be able to ping the inside interface of the ASA from all internal subnets assuming all of these subnets/vlans are directly connected to the same L3 switch?  I can ping the ASA inside interface from our L3 switch, but I cannot ping the inside interface from a host on a different internal subnet.  I have setup static routing on the ASA [

route inside 10.10.96.0 255.255.248.0 10.30.1.1 1]and verified that I can ping the host [10.10.96.212] from the ASA inside interface [10.30.1.5].  The inside interface is on the 10.30.1.x/24 subnet.  My host is on the 10.10.96.x/21 subnet.  From the ASA I can ping 10.10.96.212, but I cannot ping 10.30.1.5 from 10.10.96.212.  I can however ping 10.30.1.1 from 10.10.96.212.
 
This leads to my next issue, which is trying to setup the ASA to work concurrently with our current firewall.  I'm doing this in order to transition to the ASA.  I'd much prefer to cutover inbound NAT a little at a time vs. doing it all at once.  Our current firewall is setup at 10.30.1.2 and this is the default route on our L3 switch (0.0.0.0 0.0.0.0 10.30.1.2).  So my question is, if I setup an inbound NAT to one of our web servers on the 10.10.96.x subnet, will I be able to get it to route back to the ASA as opposed to ending up in asymmetric routing **** since the default route points back to our other firewall? 

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - NAT And Internal Network Routing

Apr 16, 2013

I am having a problem getting my ASA to work properly.  I attached a diagram for reference and most of the config is below. When I finally got it to route properly between 2 sub nets on the internal network, the NO NAT statement broke routing for the VPN Clients who rely on a NAT statement for the same sub net that is listed in NO NAT access list.  I can get one of the 2 to work by replacing NAT statements but can't figure out a combination to allow routing for both the internal sub nets and the VPN clients to work. 

It's been about 5 days of tweaking this thing just to get the internal routing to work correctly and when I finally did I broke VPN client access.  To note, the VPN clients can still log in and get a session going, they just can't get anywhere once they are in.  I also think there's a lot of stuff in this config that is not needed like a lot of the object groups, etc. but I am being very careful about removing anything.  I took over support of this ASA after someone else put it in place and over this past weekend we moved it to a new building and new ISP and that is when I had to get it to route between sub nets.  The main point of this move was to remove building 1's reliance on building 2 for Internet and outside email access in the event that building 2 is not available (it is close to water and this has happened more than once over the past year). 

So that is why I can't go with the smartest option of just keeping the routes on the router in the other building.  I also know the 1600s are ancient but they're all we have for now.  I can provide those router configs also but they are VERY basic, all static routing. The IP for the Cisco router on the same sub net as the ASA is 192.168.42.254.

This is the statement that allows the routing to work between the 2 internal sub nets but breaks VPN clients: nat (INSIDE) 0 access-list NO NAT

This is the statement that allows the VPN clients to work but breaks the internal routing: nat (INSIDE) 0 access-list INSIDE_nat0_outbound 

The rest of the config is below the diagram.
ASA Version 8.2(2)
host name Cisco asa
domain-name default.domain.invalid
enable password - encrypted
password - encrypted
names
dns-guard
[code]...

View 7 Replies View Related

Cisco Firewall :: How To Configure 4GE SSM Or ASA 5510 Internal Data Ports

Feb 4, 2013

I have inherited an asa 5510 whit 4GE SSM module installed. The asa runs fine, but i can not use the 4GE SSM ports. Using  ASDM or console i can get and configure the gigabitethernet1/x ports but i can not get traffic on it. The ping from the console to the ip address of the Gigabitethernet1/0 is successful. On switches or hubs connected to those ports i can not see the port's mac address. The two Internal-data0/0 and Internal-data1/0 are down and i can get they up. How to configure 4GE SSM or ASA internal-data ports.

View 8 Replies View Related

Cisco Firewall :: ASA 5510 Address Translation Through Internal Network

Jan 19, 2013

Is it possible to perform static Nat's through an internal network?I have a ASA 5510 with a public outside interface (let’s call it 68.68.68.1), and I have an inside private IP address (192.168.1.2/24). The inside IP address leads to a 4900m with that interface being configured with a 192.168.1.1 (no switching). On the 4900 M I have several VLANs one of them is an internal DMZ of sorts. (192.168.2.0/24). Within this DMZ network are several Web servers which need to be associated a public IP address (68.68.68.x).

Every time I configure a static Nat to associating a public IP address with an internal IP address within the DMZ, packet Tracer on the ASA informs me that the packet gets dropped at the static Nat and I cannot figure out why this is so.Safe it to say my question still stands is it possible to Nat (68.68.68.222 to and 92.168.2.60) given the configuration above, and how would I go about configuring in such the manner above so that I acn apply static nat through the 192.168.1.0 network to reach the 192.168.2.0 network.

View 11 Replies View Related

Cisco VPN :: 5510 Anyconnect Unable To Reach Internal Networks

Sep 18, 2012

I have ASA 5510 and configured client VPN or Annyconnect VPN, when I connect to the ASA remotely using anyconnect I am able to get IP address as configued, from Internal network I can ping and RDP that anyconnect VPN desktop, but the problem is from the remote anyconnect VPN client I am unable to access internal network, when I use ASA packet tracer and check traffic from internal to anyconnect pool of addresses it gives result ok, but when i use packet tracer to check traffic on outside interface from  anyconnect address pool to internal subnet it always gives the packet is dropped at WebVPN - SVC, and I can find any where related configuration for that.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 / Unable To Get Internal Networks Talking To Each Other

Apr 22, 2012

I am tasked with transferring all clients from one subnet to the other. I figure the nicest way to do this is to temporarily have the subnets talk to each other in an endeavour to avoid as much downtime as possible. The two internal subnets are:

192.168.0.0/24
192.168.43.0/24 (the intended migration network)
 
I am beating my head against the desk here as I dont seem to be getting anywhere after the changes I have made. The current configuration is as such:
 
ASA Version 8.2(5)
!
hostname ciscoasa
domain-name *****
enable password ***** encrypted
passwd ***** encrypted
names

[code]......
 
Upgrading the firmware is not really an option?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Connecting To External IP Of Internal Server

Sep 25, 2012

I was just wondering if it's possible with an ASA 5510 to connect to the external IP address of an internal server from inside the network.  I have already set up dns doctoring for dns lookups, and everything is working fine there.  We have an application inside the network that tries to connect straight to the external Ip of another internal server.  where to look in the ASDM 6.4?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Internal Network Cannot Connect To Internet

May 12, 2012

I have an ASA 5510 configured 3 interface Internet_AAPT, Internal_Network and Server_Network. The server network works fine as is able to connect to the internet and services like port 80 work from the internet in. But from the Internal_Network can only get to the server network but not internet (6May 13 201214:17:4030201310.153.111.21253663199.47.216.14880Built outbound TCP connection 42508 for Internet_AAPT:199.47.216.148/80 (199.47.216.148/80) to Server_Network:10.153.111.212/53663 (10.153.111.212/53663). The weird thing in logs i see a connection being made but for some reason its referring to the Server_Network interface? below is my current config...
 
ASA Version 8.2(5)
!
hostname ASA01
domain-name names
name 10.153.11.184 QNAP
name 10.153.11.192 exc2010
name 10.153.11.133 zeacom

[code]....

View 10 Replies View Related

Cisco Infrastructure :: 5510 - Equivalent Of Netstat Command On Router

Jul 30, 2003

Is there any way to see on what ports a Cisco 5510router is listening to just like a "netstat -an" on UNIX would do. I could easily do a portscan to give me this report but would prefer having the information through a show command.

View 4 Replies View Related

Cisco Firewall :: 5510 - Connections Routing Between Two Internal ASAs Fail

May 19, 2012

We have a site with two inbound circuits, one for internet and one for our MPLS.  Each circuit is being terminated by a 2921 Router and matching ASA 5510 Firewall.  For the internal network, the Internet ASA's inside interface (172.16.0.1) is the default gateway for all hosts.  OSPF is the routing protocol between all the routers and ASA's and routing is working.  In fact, ICMP is working as well.  From an inside host (172.16.0.81), we can ping anything on the MPLS network.  But when I try to use telnet (for example), the connection fails.  If I add a route to 10.10.10.0 to the host, or re-configure the host to point to the MPLS ASA (172.16.0.254) as it's default gateway, connections will establish.
  
Both ASAs are running 8.4(3), and have the following commands:
 
same-security-traffic permit intra-interface
interface Ethernet0/0
nameif outside

[Code]....

And from the MPLS nodes, I can see a tcp request is made. 

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Guest Network Access To Internal Webserver

Dec 18, 2012

I have the syntax correct and thought process down right on a solution to allowing guest wireless users access to an internal webserver.  (DMZ discussion aside)
 
We have an ASA5510 with interfaces setup as:
outside - 65.x.x.x address
inside - 172.20.1.2
guest_inet - 10.2.1.1
 
Internally clients resolve our website to 192.168.40.40 and that part works as it should.  Clients outside of our network resolve our website to the correct external address (lets just call it 1.1.1.1). We have a NAT statement static (inside, outside) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 and an ACL to permit tcp any host 1.1.1.1 eq www
 
Clients on our guest_int use an external DNS server and hence resolve our website to 1.1.1.1.  However it seems traffic goes out and back in our outside interface and this connection never occurs.
 
What I'm wondering is the correct NAT statement / ACL to add that would allow our internal clients on the 10.2.1.x network to access our internal website.  Would that be: static (inside,guest_inet) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 ?  Since there is already an ACL permitting port 80 traffic to 1.1.1.1 we should be taken care of on the ACL side of things, right?

View 3 Replies View Related

Cisco Firewall :: Statically PAT Multiple Internal Hosts To One External Host 5510

Feb 20, 2012

I am working on replacing our Checkpoint Firewalls with ASA's, and am running into the following NAT problem. On some of our Checkpoints, there are external NAT's that are mapped to multiple internal hosts based on ports.Is there any way to translate that to the ASA? I'm not sure the ASA will let you have multiple internal hosts mapped to one external IP using static NATs. The main issue, is these are alarm panels that receive data from external hosts (the traffic is initiated externally on the Internet) so I can't use dynamic PAT with this.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved