

Website Loads Slowly Publicly (From some IPs) but is Fast Internally

Posted on 2009-04-10
Medium Priority
Last Modified: 2012-05-06
Hi Experts,

I'm pretty proficient with websites and networks but I can't crack this problem.  A couple of days ago, a user reported a website we host was running slow.  The user was hitting the site over the public IP and sure enough it was painfully slow to load. I checked the server and it is fine on resources.  Again, it's smoking fast internally.  I get home and start working on it but the speed is suddenly good; I remoted into one of the servers at the office and it starts running painfully slow again across the Public IP.

So, it's fine from some IPs outside the office, but not all sites (we have about 75 sites so I'm jumping onto their local servers to see if it can hit the site over the public IP).

So I'm thinking firewall/ACL problem (Cisco ASA 5510). The NAT rule is solid and the ACL looks fine.  I'm also NAT'ing OWA through the same ASA and it loads fine from the outside (I've got a different public IP/DNS for each site).  Pings and tracerts are all good. I also changed the clients to different public DNS servers just to make sure.

I wanted to rule out the ASA completely so I un-teamed the NICs, re-IP'd one of them with a public IP so it's [Cisco 2960 EDGE Switch] > [SERVER], disabled the internal IP.  Pings fine on the new public IP, but IIS still hangs, but again only from certain areas.  So this should rule out the ASA.

Before anyone asks, I tested the site with Firefox - still hangs.

From my house it's fine - tested from 2 machines including my laptop from work so I know it's not a Windows patch problem (same laptop used in the office to test where it's slow).

I've verified that Routing and Remote Access isn't running on the web server.

This is where it gets good: I started doing packet level traces and saw something.  At sites where the page loads quickly, I see a handshake between the browser and server; the protocol is ISAKMP and the Info is "Identity Protection Main Mode".  (The site is running on port 443 with a valid VeriSign SSL).  I would see a few of these packets and then you can "see" the html data going back and forth.

Now doing the same packet level trace from a site that's running slowly shows something different.  It shows quite a few more ISAKMP entries (10 or so), just back and forth between the server and the client. Now I'm not Cisco certified but I can fumble around and usually get something working but this has got me stumped.  Oh yeah, this happens when the server is plugged directly into the Edge as well.

So the only difference between a page loading and not loading are these ISAKMP entries that I'm seeing.  Also, when I load the page from its internal IP, I don't get these ISAKMP packets at all.

Bring on the answers!


Question by:it_david_glover
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24123249
I notice you didn't mention any frame buffering tests.  Are you seeing packet loss because of misaligned settings with the frame rates?  That can kill performance and will give intermittent results based on the route the client consumes.

Accepted Solution

n7okn earned 1500 total points
ID: 24123384
We had the same problems. All I had to do is put in a static route in the default gateway router to point to the inside web address when the outside address was encountered.

ip route

Assuming is the outside address, and is the address for the inside web page.

Author Closing Comment

ID: 31569124
Adding a static route at the remote sites fixed the problem - though I'm not exactly sure why adding a static route would tell the Router not to try to initiate an ISAKMP connection.  

Thanks for the help!

Author Comment

ID: 24359818
So we finally found the root cause of this issue that was impacting both internal and external users.  I couldn't figure out why we were seeing the ISAKMP packets in the first place.  I mentioned it to another friend (in IT) and he suggested I make sure the IPSEC service isn't running on the webserver.  Sure enough it was, and once we disabled that, all problems went away for both internal and external users.
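
The packet-trace comparison described in this thread (a few ISAKMP "Identity Protection Main Mode" packets at fast sites, ten or so at slow ones) can be automated; the Python below is an added example, not code posted by any participant. It parses the ISAKMP fixed header (RFC 2408) from UDP/500 payloads and reports, per remote peer, the packet count, the number of distinct negotiations and which host sent the first message. The addresses, the threshold and the sample packets (including which side initiates) are constructed assumptions.

```python
import struct
from collections import defaultdict

HEADER = struct.Struct("!8s8sBBBBII")   # ISAKMP fixed header, RFC 2408 section 3.1
MAIN_MODE = 2                            # exchange type "Identity Protection"
ZERO = bytes(8)

def parse_isakmp(payload):
    """Parse the 28-byte ISAKMP header of a UDP/500 payload; None if not IKEv1."""
    if len(payload) < HEADER.size:
        return None
    icookie, rcookie, _next, version, xchg, _flags, _msgid, length = HEADER.unpack_from(payload)
    if version >> 4 != 1 or length < HEADER.size:
        return None
    return {"icookie": icookie, "rcookie": rcookie, "exchange": xchg}

def summarize(packets, server_ip):
    """Per remote peer: Main Mode packet count, distinct negotiations, who initiated."""
    stats = defaultdict(lambda: {"packets": 0, "negotiations": set(), "initiators": set()})
    for src, dst, sport, dport, payload in packets:
        if 500 not in (sport, dport) or server_ip not in (src, dst):
            continue
        hdr = parse_isakmp(payload)
        if hdr is None or hdr["exchange"] != MAIN_MODE:
            continue
        entry = stats[dst if src == server_ip else src]
        entry["packets"] += 1
        entry["negotiations"].add(hdr["icookie"])   # new initiator cookie = new attempt
        if hdr["rcookie"] == ZERO:                   # first message of an exchange
            entry["initiators"].add(src)
    return stats

def noisy_peers(packets, server_ip, threshold=6):
    """Peers whose Main Mode packet count reaches the (assumed) threshold."""
    return sorted(p for p, s in summarize(packets, server_ip).items() if s["packets"] >= threshold)

def _pkt(src, dst, icookie, rcookie=ZERO):
    # Constructed sample packet: header only, version 1.0, Main Mode.
    return (src, dst, 500, 500, HEADER.pack(icookie, rcookie, 1, 0x10, MAIN_MODE, 0, 0, HEADER.size))

# Constructed capture: documentation addresses, server-side initiation is an assumption.
SERVER, FAST, SLOW = "192.0.2.10", "198.51.100.7", "203.0.113.9"
SAMPLE = [_pkt(SERVER, FAST, b"A" * 8), _pkt(FAST, SERVER, b"A" * 8, b"B" * 8)]
for n in range(5):   # repeated, unanswered negotiation attempts toward the slow site
    cookie = bytes([n + 1]) * 8
    SAMPLE += [_pkt(SERVER, SLOW, cookie), _pkt(SERVER, SLOW, cookie)]

if __name__ == "__main__":
    for peer, s in summarize(SAMPLE, SERVER).items():
        print(peer, s["packets"], len(s["negotiations"]), sorted(s["initiators"]))
```

Any ISAKMP traffic to or from a host that only serves HTTPS is worth explaining, since TLS on port 443 does not use it; the initiator column shows which machine's IPsec configuration to inspect.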


Question has a verified solution.
