
Problems with slow access to a certain site.

dporod
Level 1

We are experiencing very slow speeds when accessing the below link. We are going through a 7.2.1 525 PIX and using PAT.

When I hook up a workstation "in front" of the firewall the speed is acceptable.

I don't see anything in the config directly relating to this site. There seems to be some interaction between this download and our firewall but I am at a loss.

Downloads of PDFs from other sites seem fine.

http://www1.atitesting.com/ati_next_gen/ati/contents/library/en-us/full_rn_rm_ams_7_1.pdf


Kureli Sankar
Cisco Employee

Make sure

1. you don't have any speed/duplex issues (sh int)

2. Make sure there are no errors incrementing on the interfaces (sh int | i errors) type the command a couple of times.

3. Make sure you do not have http inspection enabled.

4. Do you have any content scanning devices? like CSC module or websense?

-KS

I do not see any speed/duplex issues.

I do see a couple errors on the outside interface but they don't seem to be incrementing fast.

     2 input errors, 0 CRC, 0 frame, 2 overrun, 0 ignored, 0 abort

HTTP is enabled. I could disable it. To tell the truth I don't understand what the "inspect" commands do.

     policy-map global_policy
      class inspection_default
       inspect dns migrated_dns_map_1
       inspect ftp
       inspect ils
       inspect netbios
       inspect rsh
       inspect rtsp
       inspect skinny
       inspect sqlnet
       inspect sunrpc
       inspect tftp
       inspect xdmcp
       inspect h323 ras
       inspect http
      class class_sip_udp
       inspect sip

We do have Websense but the addresses I am trying from are not being filtered.

I appreciate your help:)

Interface errors incrementing should be looked at and resolved.

Pls. remove http inspection. If you have url-server configured on this firewall it will enable it in the background.

You can read about inspect http here: http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i2.html#wp1735782

Give it a shot once inspection is removed and let us know the result.

-KS

One other thing. See if you have TD enabled.

sh run threat

If so pls. disable and run the test.

Run sh run threat, get the lines, get into conf t, and copy and paste the threat lines with a "NO" in front of them.

-KS

When I did the sh run threat I got an "invalid input" response.

I disabled inspect http and it seems to have helped.

Still looking at the interface errors.

Good. Glad to hear.

-KS

Boss, sometimes the invalid dns entry configured in the client's PC may cause.

Identify, if the problem is with one user and all the users.

Try to check the dns server ip address configured.

Disabling the http inspection is vulnerable.

regards,

ssoc support

So what would be the danger of leaving "inspect http" disabled?

Did you read the link that I posted earlier?

You can read about inspect http here: http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i2.html#wp1735782

That will tell you what inspect http does.

So, you can understand what it is when you don't have it enabled.

-KS

Hi Kusankar, I read the link you provided. From what I understand inspect http will be enabled in the background if url-server is configured, even if the inspect http is removed.

We do not filter all of our IP address with the "filter url http" command, just our problem areas.

Yes, since you mentioned that you have a filter not to do filtering for this website and it still sees latency - meaning you were inspected by the explicit inspection configured under the policy-map and not on the background one that url-server does automatically.

Something in the http inspection and this website doesn't agree with each other. If you would like to get to the bottom of it, pls. open a TAC case and investigate it further as captures, debugs and syslogs will have to be collected and analyzed.

-KS
