Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
943
Views
0
Helpful
4
Replies

ASA5505 - PERFORMANCE ISSUE

Rafael Jimenez
Level 4
Level 4

‎01-14-2008 09:08 PM - edited ‎03-11-2019 04:47 AM

I HAVE AN ASA5505 WITH IP PLUS LICENCE.

I WOULD LIKE TO HAVE AN IDEA HOW MANY USERS CAN THIS ASA SUPPORT.

CURRENTLY IM HAVING PERFORMANCE ISSUE.

HOW CAN I CHECK THIS?.

THE ASDM SHOW ME 18% OF CPU UTILIZATION AND 170MB OF MEMORY IN USE (86MB FREE).

I HAVE FEWS ACL IN THE OUTSIDE INTERFACE (ALLOWING HTTP,POP3,SMTP,SSH,FTP,MSSQL ODBC AND DOMAIN). WHAT IS THE KEY TO KNOW IF THE ASA5505 WAS A WRONG DESCITION....

THANKS

Labels:
0 Helpful
4 Replies 4

srue
Level 7
Level 7

‎01-14-2008 09:49 PM

i trust you've already seen this link?

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

keep in mind that these numbers are from a controlled lab environment with very basic traffic patterns. actual use probably won't come close to these numbers, especially for extended periods of time.

aside from your cpu/memory statistics, why do you think you have a performance issue? any other symptoms?

0 Helpful

Rafael Jimenez
Level 4
Level 4
In response to srue

‎01-15-2008 08:27 AM

one of the interface is dropping conections, there is not acl on the interface.

if i connect my pc instead of the asa interface using the ip of that interface i can connect to other server, services, etc.

that interface in the asa is conected a router.

0 Helpful

srue
Level 7
Level 7
In response to Rafael Jimenez

‎01-15-2008 08:55 AM

is the interface dropping connections or dropping packets?

results of "show interface" and "show asp drop"?

0 Helpful

Rafael Jimenez
Level 4
Level 4
In response to srue

‎01-15-2008 11:49 AM

I found the problem but i dont know how to solve it.

I replace a linux firewall with a ASA5505-sec-bin-k9.

The customer have two remote sites conected in the following way:

The carrier give me (the customer) a LAN connection, a 10/100 wire, but on this LAN there are two routers, one for on remote site and the other for other remote site.

I plug this cable in a L2 switch and two ASA ports one port of the ASA have an ip and the other with another ip.

The perforamce of the ASA is bad with both interfaces conected simultaneosly to that L2 SW. Testing individually each interface alone, it work fine.

How can I preven that both interfaces are listening the same trafic ?.

With the two interfaces conected simultaneusly , one interface is denying the trafic that the other is forwarding, but the total efect is that is dropping packets in both interfaces. How can solve this issue.

be aware that is not possible righ now the carrier change the way that is offering the service.

Thanks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card