ASA and slow connection port 80 - http

Unanswered Question
Sep 15th, 2010

Hi all,

I have problem with connection ASA 8.3.1

web_server1 port 80 (inside_in1,Sec.Level 100,vlan1) <--- ASA5550 (1Gb)---> (Sec.Level 100,inside_in2,vlan2) web_client dynamic port (wget)

wget (linux web tools) have speed 150KB/s. This is verry low.

Inspect mod is OFF

Migrate port 80 on 1080. It's OK, speed is  cca 70MB/s (1Gb network).

Ssh speed cca 25 MB/s.

Please help, thanks.

Best regards,

Martin


Configuration:

class-map priority-class
  match port tcp eq 1080
class-map inspection_default
  match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
  parameters
    message-length maximum 512
policy-map type inspect esmtp esmtp_map
  parameters
    no mask-banner
    allow-tls action log
policy-map global_policy
  class inspection_default
    inspect dns migrated_dns_map_1
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect esmtp esmtp_map
    inspect ip-options
    inspect ftp
policy-map qos_policy
  class priority-class
    police output 900000000 45000
   inspect http 
   police input 900000000 45000
!
service-policy global_policy global
service-policy qos_policy interface inside_1

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagaraja Thanthry Wed, 09/15/2010 - 08:33

Hello,

I see that in your configuration, you are inspecting HTTP traffic. Can you turn it off?

policy-map qos_policy

  class priority-class

   no inspect http

Hope this helps.

Regards,

NT

martinjina_2 Thu, 09/16/2010 - 01:16

Hi,

this inspect is for port 1080.

I try

no inspect http

in

policy-map qos_policy

Unfortunately, no results. Speed is low.

I'm using the routing between vlan1 and vlan2

Thanks for your response


MJ

Actions

This Discussion

Related Content