Cisco ASA 5510 is throttling internet bandwidth
Posted on 2011-04-26
I have a Cisco ASA 5510 that is throttling our internet bandwidth. We recently upgraded from a Qwest 20 Mbit connection to a 100 Mbit connection. The connection should be 100 up and down. When I run speed tests, I get about 85 down and 4 up.
If I disable my "policy-map global_policy" on my ASA, I get about 88 down and 85 up. So I know that there is something in the default packet inspection that is slowing things down. Here are my policies on the ASA:
match port udp eq domain
match access-list traffic_for_ips
policy-map type inspect dns preset_dns_map
message-length maximum 512
inspect h323 ras
inspect dns preset_dns_map
ips inline fail-open
inspect dns dynamic-filter-snoop
service-policy global_policy global
service-policy botnet-policy interface Outside
As you can see, I have the botnet traffic filter as well, but the problem seems to be the "global_policy" policy. If I do a "no service-policy global_policy global", then my upload bandwidth shoots up to 80+ Mbit/sec. So, my question is, what packet inspection is happening to throttle my bandwidth? What can I safely change to allow all my bandwidth?