ASA 5505 Slow LAN Response

Unanswered Question
Feb 16th, 2009
User Badges:

Installed ASA5505 in branch office. Have l2l VPN between it and HQ. Office is 1 server (W2k), 3 users, 1 printer.

Since connecting LAN to ASA users complaining of slow response times. When pinging from server to devices, average response is 20-30ms.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Mon, 02/16/2009 - 07:27
User Badges:
  • Cisco Employee,

Is this through the Lan to Lan? If this is from Lan to Lan then ping from VPN end point to VPN endpoint, what is the rate? if this is from within the LAN have you check if your switch has no conflict on MAC addresses?

benharned Mon, 02/16/2009 - 07:30
User Badges:

This is from within, on the internal LAN. No dup. MAC in the ARP table.

Ivan Martinon Mon, 02/16/2009 - 07:31
User Badges:
  • Cisco Employee,

go ahead and do a "show run all sysopt" on your ASA and post it here please

benharned Mon, 02/16/2009 - 07:32
User Badges:

Result of the command: "sh run all sysop"

no sysopt connection timewait

sysopt connection tcpmss 1380

sysopt connection tcpmss minimum 0

sysopt connection permit-vpn

no sysopt connection reclassify-vpn

no sysopt connection preserve-vpn-flows

no sysopt nodnsalias inbound

no sysopt nodnsalias outbound

no sysopt radius ignore-secret

no sysopt noproxyarp inside

no sysopt noproxyarp outside

Ivan Martinon Mon, 02/16/2009 - 07:44
User Badges:
  • Cisco Employee,

Well proxy arp is disabled, usually these issues might occur by it. Have you cleared the arp of the devices that might need a refresh? I really can't think on why your ASA will cause issues for traffic that does not even get to it.

benharned Mon, 02/16/2009 - 07:47
User Badges:

Naiveté alert: how do you do that? Are you talking just network equip. arp, or do PC's have arp that need clearing?

The ASA is the only switch in the network.


This Discussion