ASA and slow connection port 80 - http

martinjina_2 · ‎09-15-2010

Hi all,

I have problem with connection ASA 8.3.1

web_server1 port 80 (inside_in1,Sec.Level 100,vlan1) <--- ASA5550 (1Gb)---> (Sec.Level 100,inside_in2,vlan2) web_client dynamic port (wget)

wget (linux web tools) have speed 150KB/s. This is verry low.

Inspect mod is OFF

Migrate port 80 on 1080. It's OK, speed is cca 70MB/s (1Gb network).

Ssh speed cca 25 MB/s.

Please help, thanks.

Best regards,

Martin

Configuration:

class-map priority-class
match port tcp eq 1080
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
    message-length maximum 512
policy-map type inspect esmtp esmtp_map
parameters
    no mask-banner
    allow-tls action log
policy-map global_policy
class inspection_default
    inspect dns migrated_dns_map_1
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect esmtp esmtp_map
    inspect ip-options
    inspect ftp
policy-map qos_policy
class priority-class
    police output 900000000 45000
   inspect http
   police input 900000000 45000
!
service-policy global_policy global
service-policy qos_policy interface inside_1

Nagaraja Thanthry · ‎09-15-2010

Hello,

I see that in your configuration, you are inspecting HTTP traffic. Can you turn it off?

policy-map qos_policy

class priority-class

no inspect http

Hope this helps.

Regards,

NT

martinjina_2 · ‎09-16-2010

Hi,

this inspect is for port 1080.

I try

no inspect http

in

policy-map qos_policy

Unfortunately, no results. Speed is low.

I'm using the routing between vlan1 and vlan2

Thanks for your response

MJ