ASA 5520 not passing full interface rate traffic, or anywhere near

Unanswered Question
Apr 13th, 2012

I have an issue where our ASA 5520 is impacting upload (from LAN to internet) speed.

We have a 100Mbps SDSL internet link and only see around 45-50 Mbps on the upload when going via the firewall; download is around 90+ Mbps so that is acceptable.

I have tested a laptop connected directly to the internet router and that gives near on the 100Mbps up and down speeds, but if I put that laptop on the LAN or directly onto the firewall interface I only see 90Mbps down and 45Mbps up.

I have checked that the interface speeds/duplex on the firewall, switch and laptop are correct and also checked there are no errors on the ports.

I also turned off the IPS and that made no difference.

In addition I have checked the CPU during download/upload (max):

CPU utilization for 5 seconds = 9%; 1 minute: 3%; 5 minutes: 1%

In theory the 5520 should be able to cope with this throughput:

Cisco ASA 5500 Series Model/License: 5520

Maximum firewall throughput (Mbps): 450 Mbps

Maximum firewall connections: 280,000

Maximum firewall: 12,000

Packets per second (64 byte): 320,000


Can anyone explain why this is the case?

I cannot see a physical issue, so it seems as though there is a config issue. I haven't changed any system parameters that would affect this, so do I need to tune the ASA?

Version: 8.2(4)

Hardware: ASA5520-K8, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz Internal ATA Compact Flash, 256MB

IPS Module ASA-SSM-20 (Ver 7.0(4)E4)

I have a variety of services running on/through this firewall:

Interface: Private/Public/DMZ/MPLS

VPN: SSL/Cisco-client/S2S

Standard firewall rules & NAT'ing
