Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Single external website extremely slow on internal network (via internet)

Posted on 2010-11-15
3
Medium Priority
?
1,570 Views
Last Modified: 2012-08-13
We are having an issue with a specific website that some of our users access for business purposes.

The website has become very slow and unresponsive since the past two weeks. We have Websense integrated with our ASA 5520 appliance for internet filtering.

This is the only website we are experiencing issues with. Symptoms include webpage timeouts, slow browsing between pages, very slow downloads ( a 1Mb PDF will take 5-10 minutes to download). Our internet connection is not the issue as every other website is fast.

I noticed through various troubleshooting this problem only occurs on our network. When I hit the website from an alternate network (home, DMZ,) it responds quickly. As soon as we try from our internal network, it is slow like molasses.

We tried turning off Websense web filtering, network agent, put an except rule in the firewall to allow all traffic to the website IP range through, as well as the source client IP.

We also looked at our ASA configuration lines pertaining to the websense filtering.

The following config is present:

url-block block 32
url-mempool 10240
protocol tcp version 4 connections 60

These parameters were implemented a while back to solve other issues we were having.

One odd thing I noticed is when pinging the website from our internal network, I am receiving 10-15% packet loss. From an external network, hardly any packet loss. Again this is specific to this one website, everything else is fine.

Any ideas?

The website in question is www.orbit.com
0
Comment
Question by:pharmascience
3 Comments
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1000 total points
ID: 34142185
You need to find out what is dropping the packets.  If you are getting a 10-15% packet loss that will cause serious performance problems.

I would do a packet capture from the ASA.
0
 
LVL 28

Accepted Solution

by:
bgoering earned 1000 total points
ID: 34145572
This is likely a mss issue - take a look at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml for details as how to determine if this is your problem and how to implement a workaround.

Good Luck
0
 

Author Comment

by:pharmascience
ID: 34175580
Thanks guys
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Make the most of your online learning experience.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question