Facing slowness in accessing a particular website.

Unanswered Question
Sep 20th, 2010

Hello,

I am facing a problem in my Singapore office network that a single website is taking 2-3 minute to load the page however other sites are opening very quickly. Proxy server is there in between and users accesing site through proxy. I tried accessing site via DMZ out bypassing firewall and proxy page is opening quickly. Also if I use our US proxy result is good,problem is only with singapore proxy and only for a single website i.e
http://202.96.221.2 . Even proxy authentication prompt is taking time to pop up on screen for this particular website. Connectivity is like ....
Internet route------->Firewall------> Proxy------>User in LAN

Can somebody please suggest on this.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Federico Coto F... Mon, 09/20/2010 - 22:07

You mentioned that the problem is not necessarily the ASA because even bypassing the ASA, the proxy response is slow correct?

Might be a problem with the proxy server.

Things to look in the ASA could be if you're doing HTTP inspection or if there's any rule defined for this particular site.

I had a similar problem before and it turns out it was a Traffic Shaper device facing the Internet... (no other device in the path that could be causing the slowliness)?

Federico.

rishant123 Mon, 09/20/2010 - 22:19

Hi Federico,

I bypassed ASA and proxy both. I jus connected a host directly after the firewall with DMZ out switch and the result is perfect. There is no policy or rule in firewall for this particular website, policies are same for all. There is no traffic shaper or any WAN accelerator placed with firewall. Proxy authentication prompt takes time to come up on screen just for this particular website and works normally for all other sites. And when we use US proxy it works fast

for this site however traffic is crossing through same firewall.

Federico Coto F... Mon, 09/20/2010 - 22:29

Is there any chance that you can try bypassing the proxy and just sending the traffic to this website through the ASA?

In other words, do the same test but not using the proxy on the local machine (just sending the traffic through the ASA as it will normally will).

The ASA should not be slowing this particular traffic if there's not any weird configuration on it.

Federico.

rishant123 Mon, 09/20/2010 - 22:41

Yes, some rules need to be added on ASA. I will do this testing and will check the same as you said. One more thing I found that if we nslookup the ip

202.96.221.2 its not getting resolved, so is it possible it could take time from DNS server side to resolve this website?

Magnus Mortensen Tue, 09/21/2010 - 07:22

Rishant,

     Your DNS server should not be trying to do a reverse lookup on the IP address, the server should only turn hostname into IP. WHat is the URL you are trying to browse to? If you setup some captures on the ASA, what do you see:

cap in interface inside match ip any host 202.96.221.2

cap out interface outside match ip any host 202.96.221.2

show cap out

show cap in

rishant123 Tue, 09/21/2010 - 20:44

There is no URL for this ip, user is only accesing the site with ip only. Thats what i am trying to find out whether there is any delay or something which DNS is causing and trying resolving the IP. Is it possible that DNS could cause this issue as site is accessing through ip only and there is no entry

for this ip in DNS?

mirober2 Wed, 09/22/2010 - 10:55

Hi Rishant,

DNS doesn't come into play at all if the users are accessing the host directly by IP address.

Were you able to perform the test that Federico suggested, where the traffic passes through the ASA but not the proxy? This will help you to focus on either the ASA or the proxy as the cause of the slowness.

-Mike

rishant123 Thu, 09/23/2010 - 06:45

Mike/Kusankar

I am in planning to do these testings. This document is really good I will start step by step to get the root cause of this. Will update once done with testing.

Thanks

Actions

This Discussion