ASA5505 - PERFORMANCE ISSUE

Unanswered Question
Jan 14th, 2008

I HAVE AN ASA5505 WITH IP PLUS LICENCE.

I WOULD LIKE TO HAVE AN IDEA HOW MANY USERS CAN THIS ASA SUPPORT.

CURRENTLY IM HAVING PERFORMANCE ISSUE.

HOW CAN I CHECK THIS?.

THE ASDM SHOW ME 18% OF CPU UTILIZATION AND 170MB OF MEMORY IN USE (86MB FREE).

I HAVE FEWS ACL IN THE OUTSIDE INTERFACE (ALLOWING HTTP,POP3,SMTP,SSH,FTP,MSSQL ODBC AND DOMAIN). WHAT IS THE KEY TO KNOW IF THE ASA5505 WAS A WRONG DESCITION....

THANKS

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srue Mon, 01/14/2008 - 21:49

i trust you've already seen this link?

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

keep in mind that these numbers are from a controlled lab environment with very basic traffic patterns. actual use probably won't come close to these numbers, especially for extended periods of time.

aside from your cpu/memory statistics, why do you think you have a performance issue? any other symptoms?

Rafael Jimenez Tue, 01/15/2008 - 08:27

one of the interface is dropping conections, there is not acl on the interface.

if i connect my pc instead of the asa interface using the ip of that interface i can connect to other server, services, etc.

that interface in the asa is conected a router.

srue Tue, 01/15/2008 - 08:55

is the interface dropping connections or dropping packets?

results of "show interface" and "show asp drop"?

Rafael Jimenez Tue, 01/15/2008 - 11:49

I found the problem but i dont know how to solve it.

I replace a linux firewall with a ASA5505-sec-bin-k9.

The customer have two remote sites conected in the following way:

The carrier give me (the customer) a LAN connection, a 10/100 wire, but on this LAN there are two routers, one for on remote site and the other for other remote site.

I plug this cable in a L2 switch and two ASA ports one port of the ASA have an ip and the other with another ip.

The perforamce of the ASA is bad with both interfaces conected simultaneosly to that L2 SW. Testing individually each interface alone, it work fine.

How can I preven that both interfaces are listening the same trafic ?.

With the two interfaces conected simultaneusly , one interface is denying the trafic that the other is forwarding, but the total efect is that is dropping packets in both interfaces. How can solve this issue.

be aware that is not possible righ now the carrier change the way that is offering the service.

Thanks.

Actions

This Discussion