ASA5505 Poor Performance

Hello there,

We have a Cisco ASA5505 configured at a clients site and it has been SLOW since configuring port forwarding after install.  Here is the configuration, see anything that could be causing this?  There is constantly 732kbps of outgoing WAN traffic that should not be there.

the adress represents our single external IP  (changed for security purposes)
the address is our internal mail/HTTPS server (needs ports 25,4125,443 forwarded)

: Saved
ASA Version 8.2(1) 
hostname CISCOASA
enable password f6YsckNYzxWEjFBV encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
interface Vlan1
 nameif inside
 security-level 100
 ip address 
interface Vlan2
 nameif outside
 security-level 0
 ip address 
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
object-group service DM_INLINE_TCP_0 tcp
 port-object eq https
 port-object eq imap4
 port-object eq pop3
 port-object eq pptp
 port-object eq smtp
object-group service rtp tcp
 port-object eq 4125
access-list outside_access_in extended permit tcp host any object-group DM_INLINE_TCP_0 
access-list outside_access_in extended permit tcp any interface outside eq smtp 
access-list outside_access_in extended permit tcp any interface outside eq https 
access-list outside_access_in extended permit tcp any interface outside object-group rtp 
access-list outside_access_in2 extended permit tcp any interface outside eq pop3 
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
static (inside,outside) tcp interface smtp smtp netmask 
static (inside,outside) tcp interface https https netmask 
static (inside,outside) tcp interface 4125 4125 netmask 
access-group outside_access_in in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable 444
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address inside

threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
prompt hostname context 
: end

Open in new window

Who is Participating?
PCFix1011Author Commented:
As it turns out, the SMTP Virtual Server and SMTP Connector were completely corrupted and malfunctioning.  I disabled the virtual server and created a new one, and deleted the SMTP connector, and re-created, and everything is working properly.

I figured out the corruption problem by using Wireshark to sniff the packets from the SBS03 server.  There were tons of fragmented packets with bad checksum going to various yahoo email servers.  Just about 700kbps of traffic....
PCFix1011Author Commented:
I've noticed that when looking at the traffic usage, there is about 700kbps unaccounted for......  That is, when you add up the "current bytes per second" usage between all protocols, there is a 700kbps discrepancy.  Very strange.
PCFix1011Author Commented:
It looks like it may be wild SMTP activity....
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

You should check that the mail server isn't an open relay and that there are no infected PCs on your network sending out spam.  You can start with an ACL that blocks all outbound SMTP traffic except those from the mail server.

PCFix1011Author Commented:
When I disable the SMTP service on the server (SBS03) the traffic stops.  When enabled, it will be fine for a while, and then traffic will jump to the 700kbps range.  The strange thing is when I look at the "current sessions" and the mail queues, there is no activity.  I am beginning to wonder if there is a problem with the SMTP service on the server.
PCFix1011Author Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.