Solved

Single external website extremely slow on internal network (via internet)

Posted on 2010-11-15
3
1,525 Views
Last Modified: 2012-08-13
We are having an issue with a specific website that some of our users access for business purposes.

The website has become very slow and unresponsive since the past two weeks. We have Websense integrated with our ASA 5520 appliance for internet filtering.

This is the only website we are experiencing issues with. Symptoms include webpage timeouts, slow browsing between pages, very slow downloads ( a 1Mb PDF will take 5-10 minutes to download). Our internet connection is not the issue as every other website is fast.

I noticed through various troubleshooting this problem only occurs on our network. When I hit the website from an alternate network (home, DMZ,) it responds quickly. As soon as we try from our internal network, it is slow like molasses.

We tried turning off Websense web filtering, network agent, put an except rule in the firewall to allow all traffic to the website IP range through, as well as the source client IP.

We also looked at our ASA configuration lines pertaining to the websense filtering.

The following config is present:

url-block block 32
url-mempool 10240
protocol tcp version 4 connections 60

These parameters were implemented a while back to solve other issues we were having.

One odd thing I noticed is when pinging the website from our internal network, I am receiving 10-15% packet loss. From an external network, hardly any packet loss. Again this is specific to this one website, everything else is fine.

Any ideas?

The website in question is www.orbit.com
0
Comment
Question by:pharmascience
3 Comments
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
Comment Utility
You need to find out what is dropping the packets.  If you are getting a 10-15% packet loss that will cause serious performance problems.

I would do a packet capture from the ASA.
0
 
LVL 28

Accepted Solution

by:
bgoering earned 250 total points
Comment Utility
This is likely a mss issue - take a look at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml for details as how to determine if this is your problem and how to implement a workaround.

Good Luck
0
 

Author Comment

by:pharmascience
Comment Utility
Thanks guys
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now