Website Loads Slowly Publicly (From some IPs) but is Fast Internally

Hi Experts,

I'm pretty proficient with websites and networks but I can't crack this problem. A couple of days ago, a user reported a website we host was running slow. The user was hitting the site over the public IP and sure enough it was painfully slow to load. I checked the server and it is fine on resources. Again, it's smoking fast internally. I get home and start working on it but the speed is suddenly good; I remoted into one of the servers at the office and it starts running painfully slow again across the public IP.

So, it's fine from some IPs outside the office, but not all sites (we have about 75 sites so I'm jumping onto their local servers to see if it can hit the site over the public IP).

So I'm thinking firewall/ACL problem (Cisco ASA 5510). The NAT rule is solid and the ACL looks fine. I'm also NAT'ing OWA through the same ASA and it loads fine from the outside (I've got a different public IP/DNS for each site). Pings and tracerts are all good. I also changed the clients to different public DNS servers just to make sure.

I wanted to rule out the ASA completely so I un-teamed the NICs, re-IP'd one of them with a public IP so it's [Cisco 2960 EDGE Switch] > [SERVER], disabled the internal IP. Pings fine on the new public IP, but IIS still hangs, but again only from certain areas. So this should rule out the ASA.

Before anyone asks, I tested the site with Firefox - still hangs.

From my house it's fine - tested from 2 machines including my laptop from work so I know it's not a Windows patch problem (same laptop used in the office to test where it's slow).

I've verified that Routing and Remote Access isn't running on the web server.

This is where it gets good: I started doing packet level traces and saw something. At sites where the page loads quickly, I see a handshake between the browser and server; the protocol is ISAKMP and the Info is "Identity Protection Main Mode". (The site is running on port 443 with a valid VeriSign SSL). I would see a few of these packets and then you can "see" the html data going back and forth.

Now doing the same packet level trace from a site that's running slowly shows something different. It shows quite a few more ISAKMP entries (10 or so), just back and forth between the server and the client. Now I'm not Cisco certified but I can fumble around and usually get something working but this has got me stumped. Oh yeah, this happens when the server is plugged directly into the Edge as well.

So the only difference between a page loading and not loading are these ISAKMP entries that I'm seeing.  Also, when I load the page from its internal IP, I don't get these ISAKMP packets at all.

Bring on the answers!


We had the same problems. All I had to do is put in a static route in the default gateway router to point to the inside web address when the outside address was encountered.

ip route

Assuming is the outside address, and is the address for the inside web page.
Ted Bouskill, Senior Software Developer, Commented:
I notice you didn't mention any frame buffering tests.  Are you seeing packet loss because of misaligned settings with the frame rates?  That can kill performance and will give intermittent results based on the route the client consumes.
it_david_glover (Author) Commented:
Adding a static route at the remote sites fixed the problem - though I'm not exactly sure why adding a static route would tell the Router not to try to initiate an ISAKMP connection.

Thanks for the help!
it_david_glover (Author) Commented:
So we finally found the root cause of this issue that was impacting both internal and external users. I couldn't figure out why we were seeing the ISAKMP packets in the first place. I mentioned it to another friend (in IT) and he suggested I make sure the IPSEC service isn't running on the webserver. Sure enough it was, and once we disabled that, all problems went away for both internal and external users.

Question has a verified solution.
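
The traces in the question tell fast and slow sites apart by how many ISAKMP "Identity Protection (Main Mode)" packets pass between client and server. As an added example (not part of the original thread), the Python below counts those packets per host pair from raw IPv4 packets and flags pairs that exceed one complete IKEv1 Main Mode exchange (six messages). The addresses, cookies and packets are constructed, and the function names and threshold parameter are assumptions.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

MAIN_MODE = 2  # ISAKMP exchange type "Identity Protection" (RFC 2408)

def parse_isakmp(pkt: bytes):
    """Parse a raw IPv4 packet; return (src, dst, exchange_type, initiator_cookie) or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:   # IPv4 carrying UDP only
        return None
    udp = pkt[(pkt[0] & 0x0F) * 4:]                         # skip IP header (IHL words)
    if len(udp) < 8 + 28:                                   # UDP header + ISAKMP header
        return None
    sport, dport = struct.unpack("!HH", udp[:4])
    if 500 not in (sport, dport):                           # ISAKMP runs on UDP/500
        return None
    icookie, _rcookie, _next, _ver, exch = struct.unpack("!8s8sBBB", udp[8:27])
    return str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20])), exch, icookie.hex()

def main_mode_summary(packets, max_packets=6):
    """Per host pair: (Main Mode packets, distinct negotiations, exceeds max_packets)."""
    seen = defaultdict(lambda: {"packets": 0, "cookies": set()})
    for pkt in packets:
        parsed = parse_isakmp(pkt)
        if parsed and parsed[2] == MAIN_MODE:
            pair = tuple(sorted(parsed[:2]))                # direction-independent key
            seen[pair]["packets"] += 1
            seen[pair]["cookies"].add(parsed[3])            # new cookie = new negotiation
    return {pair: (s["packets"], len(s["cookies"]), s["packets"] > max_packets)
            for pair, s in seen.items()}

def build_sample(src, dst, cookie, exch=MAIN_MODE):
    """Build a constructed IPv4/UDP/ISAKMP packet (checksums left at zero)."""
    isakmp = struct.pack("!8s8sBBBBII", cookie, bytes(8), 1, 0x10, exch, 0, 0, 28)
    udp = struct.pack("!HHHH", 500, 500, 8 + len(isakmp), 0) + isakmp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + udp

SERVER, FAST, SLOW = "203.0.113.10", "198.51.100.20", "192.0.2.30"  # constructed addresses
SAMPLE = [build_sample(FAST, SERVER, b"A" * 8), build_sample(SERVER, FAST, b"A" * 8)] * 2
SAMPLE += [build_sample(SLOW, SERVER, bytes([n // 4 + 1]) * 8) for n in range(10)]
SAMPLE.append(build_sample(SLOW, SERVER, b"Z" * 8, exch=5))  # Informational, not counted

if __name__ == "__main__":
    for pair, (count, negotiations, excessive) in main_mode_summary(SAMPLE).items():
        print(pair, count, negotiations, "EXCESSIVE" if excessive else "ok")
```

On a web server that is only meant to serve HTTPS, any pair showing up in this summary is a prompt to check whether an IPsec service or policy is active on one of the endpoints.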
