Slowness on ASA 5520

Unanswered Question
Aug 13th, 2008

Hi Guys -


I have a weird situation. I have an ASA 5520 that is our VPN end point for staff connecting remotely using the Cisco VPN client. ASA 5520 is connecting to one of the interfaces on the ASA 5510 (firewall). 5510 is connected to the inside network.


Most staff members VPN in from home using a wireless connection on a LinkSys router (or a Netgear). Access Point has either WEP or WPA configured for encryption. When they try to open files on a network drive (mapped to a file server in the office) when connected thru the VPN, opening files is very slow. However when WEP or WPA encryption settings are removed from the access point, opening files on the same network drive is much faster. We've noticed this behavior for many people.


Any ideas on how to resolve this? Of course, it is not practical for us to ask staff members to remove encryption settings from their home access points.


Any help would be appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Wed, 08/13/2008 - 18:51

The WEP/WPA encryption is only limited to traffic between the remote clients and their respective AP. Once the traffic leaves their AP towards the internet, there is absolutely no encryption! The only reason I think is happening is they are over-loading their access points because of the encryption overhead. CIFS by design was not meant to be used over the WAN, so its slow from the WAN irrespective of VPN,Wireless,WEP or WPA. These things just make it more 'slower'


Also try to enable 'service reset ..' command on the firewall if its already not there.


Regards


Farrukh

ksarin123_2 Wed, 08/13/2008 - 20:48

Hi Farrukh -


Thanks for your message.


Aren't the service commands used to send RST's when the original request from the outside is denied? In the case of remote users connecting via a VPN client, I am not sure how that applies...


Can you explain?

Farrukh Haroon Wed, 08/13/2008 - 23:38

There are three different version of the command. Please check the commmand ref.


Regards


Farrukh

Actions

This Discussion