Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
483
Views
0
Helpful
3
Replies

Server slow through ASA 5520 -Urgent

somnath21
Level 1
Level 1

‎04-09-2008 09:26 PM - edited ‎03-11-2019 05:29 AM

Hi,

In my office one new IBM AS/400 server is installed.The server internal ip is nated with public ip and opened 6013 port.The server applications are fast through local LAN but it's dead slow when it is accessing through internet by the outside users.For the verification I have directly conncted the server from the internet router and assign public IP into it.That time it's very fast for the outside users and running fine.Problem is whenever the CISCO ASA 5520 comes into the scenario the server going to dead slow for the outside users.

even i gave given any any in access-list, but still same problem.

please guide to solve this issue..

Thanx,

som

Labels:
0 Helpful
3 Replies 3

husycisco
Level 7
Level 7

‎04-10-2008 03:25 AM

Hi Somnath,

In your static statement for server, try adding "norandomseq" statement at the end.

If it doesnt work, remove the "norandomseq" and check MTU settings.

Do you have access lists applied to outbound of any interface?

Regards

0 Helpful

somnath21
Level 1
Level 1
In response to husycisco

‎04-10-2008 04:47 AM

Hi,

i have checked with "norandomseq" statement but it was not working. In my ASA MTU size is 1500, is it sufficient?

in the ASA only in bound access-list has been configured and placed in the outside interface.

config..

access-list outside_in extended permit ip any any

access-list outside_in extended permit udp any any

access-list outside_in extended permit tcp any any

access-group outside_in in interface outside

Please help in this issue...

thanx,

som

0 Helpful

chickman
Level 1
Level 1
In response to somnath21

‎04-10-2008 04:56 AM

I'm curious if it could be your inspect rules. I would suggest to do a debug while you can verify traffic is going through the ASA. That way you can see what is going on, whether you are getting syn/acks resets.. or whatever.

As far are your MTU size, its standard, so no issues SHOULD be seen from that.

But, I believe the primary thing you should do is get a look at how the traffic is interacting with the ASA. The ACL you put in place cleared any type of access control. Unless you have another ACL attached to the IN interface in the "out" direction.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card