I've recently installed a pair of new ASA5520s to firewall an internet connection. Now, the users have been complaining about very slow performance through that circuit and when I run a bandwidth test on the inside and outside of the ASAs, I get about 50% of the bandwidth on the inside as I do on the outside.
I eliminated all of our other devices that are inline to this connection one by one over the last few days and watch the traffic throughput patterns using dslreports. and every time, if I run it from a connection that is outside the firewall, I get at least twice the throughput, every time, without exception.
I eliminated websense filtering by excluding the test workstation, I literally eliminated the proventia appliance by cabling around it for a short time.
I then swapped cables and set the internal test workstation to the external connection, and the notebook internal, and the roles reversed. Still same result.
What could be causing this? Any help would be greatly appreciated.
Here's the "show ver", "show mem", "show cpu", and "show int" from the ASA -
ASA1# show ver
Cisco Adaptive Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "disk0:/asa722-k8.bin"
Config file at boot was "startup-config"
ASA1 up 16 hours 7 mins
failover cluster up 16 hours 7 mins
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 64MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
This platform has an ASA 5520 VPN Plus license.
Serial Number: JMX1026K074
Running Activation Key: 0xdf0f3147 0x0c33d0cb 0x20930138 0xa4dc2098 0xca10e3ba
Configuration register is 0x1
Configuration has not been modified since last system restart.
ASA1# show mem
Free memory: 447737176 bytes (83%)
Used memory: 89133736 bytes (17%)
------------- ----------------
Total memory: 536870912 bytes (100%)
ASA1# show cpu
CPU utilization for 5 seconds = 1%; 1 minute: 1%; 5 minutes: 1%
ASA1# show int
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address , MTU 1500
IP address xxx.xxx.xxx.xxx, subnet mask xxx.xxx.xxx.xxx
2096989 packets input, 1307085243 bytes, 0 no buffer
Received 26842 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
1952415 packets output, 1136937967 bytes, 0 underruns
0 output errors, 0 collisions
0 late collisions, 0 deferred
input queue (curr/max blocks): hardware (0/0) software (0/0)
output queue (curr/max blocks): hardware (0/21) software (0/0)
Traffic Statistics for "outside":
2096987 packets input, 1266556107 bytes
1952415 packets output, 1097840358 bytes
246651 packets dropped
1 minute input rate 163 pkts/sec, 157900 bytes/sec
1 minute output rate 136 pkts/sec, 31542 bytes/sec
1 minute drop rate, 7 pkts/sec
5 minute input rate 144 pkts/sec, 141771 bytes/sec
5 minute output rate 121 pkts/sec, 31718 bytes/sec
5 minute drop rate, 6 pkts/sec
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps
Auto-Duplex(Full-duplex), 100 Mbps(100 Mbps)
MAC address, MTU 1500
IP address xxx.xxx.xxx.xxx, subnet mask xxx.xxx.xxx.xxx
2243286 packets input, 1170486154 bytes, 0 no buffer
Received 245179 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
2073886 packets output, 1224861456 bytes, 0 underruns
0 output errors, 0 collisions
0 late collisions, 0 deferred
input queue (curr/max blocks): hardware (0/0) software (0/0)
output queue (curr/max blocks): hardware (1/48) software (0/0)
Traffic Statistics for "inside":
2243283 packets input, 1126659870 bytes
2073886 packets output, 1184319118 bytes
58373 packets dropped
1 minute input rate 90 pkts/sec, 17885 bytes/sec
1 minute output rate 120 pkts/sec, 123669 bytes/sec
1 minute drop rate, 1 pkts/sec
5 minute input rate 126 pkts/sec, 32490 bytes/sec
5 minute output rate 154 pkts/sec, 135877 bytes/sec
5 minute drop rate, 1 pkts/sec
Start Free Trial
