ASA and slow connection port 80 - http

Unanswered Question
Sep 15th, 2010
User Badges:

Hi all,

I have problem with connection ASA 8.3.1

web_server1 port 80 (inside_in1,Sec.Level 100,vlan1) <--- ASA5550 (1Gb)---> (Sec.Level 100,inside_in2,vlan2) web_client dynamic port (wget)

wget (linux web tools) have speed 150KB/s. This is verry low.

Inspect mod is OFF

Migrate port 80 on 1080. It's OK, speed is  cca 70MB/s (1Gb network).

Ssh speed cca 25 MB/s.

Please help, thanks.

Best regards,



class-map priority-class
  match port tcp eq 1080
class-map inspection_default
  match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
    message-length maximum 512
policy-map type inspect esmtp esmtp_map
    no mask-banner
    allow-tls action log
policy-map global_policy
  class inspection_default
    inspect dns migrated_dns_map_1
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect esmtp esmtp_map
    inspect ip-options
    inspect ftp
policy-map qos_policy
  class priority-class
    police output 900000000 45000
   inspect http 
   police input 900000000 45000
service-policy global_policy global
service-policy qos_policy interface inside_1

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Nagaraja Thanthry Wed, 09/15/2010 - 08:33
User Badges:
  • Cisco Employee,


I see that in your configuration, you are inspecting HTTP traffic. Can you turn it off?

policy-map qos_policy

  class priority-class

   no inspect http

Hope this helps.



martinjina_2 Thu, 09/16/2010 - 01:16
User Badges:


this inspect is for port 1080.

I try

no inspect http


policy-map qos_policy

Unfortunately, no results. Speed is low.

I'm using the routing between vlan1 and vlan2

Thanks for your response



This Discussion

Related Content