Performance Issue behind ASA 5520

Feb 5th, 2014

Hi Community!


I've got an ASA 5520 (8.4.3) failover cluster.

Behind this ASA I have a couple of DMZ networks. In one of these networks (let's call it DMZ-A) I have a performance issue.

So, in DMZ-A I have 2 Windows 2012 R2 servers.

IP Server1: 10.0.233.10/24

IP Server2: 10.0.233.12/24


If I do an RDP session to Server1 from my client computer (on the inside network - IP: 10.0.20.199) it is really slow. File transfer is also very slow. Ping gives me a "normal" reply.


If I do an RDP session to Server2 from my client computer everything works normally.


If I do an RDP session from Server2 to Server1 everything works normally.


I did a packet capture to both servers, and when I analyse them with Wireshark there is (at a certain packet) a big difference. -> see attached files

ASA_10 -> 10.0.233.10

ASA_12 -> 10.0.233.12



Can anybody help me find out what's going wrong there?


Thanks a lot!!

XIE YAO Wed, 02/05/2014 - 02:18

Hi,


The two pcaps show that when talking to the .10 server, there were 10 TCP out-of-order events and 19 window-full events, while there is no such info for the .12 server.


Could you clear the asp drop, reproduce the issue and then show asp drop again?


Also, it would be helpful to paste your ASA configuration, without real IP addresses of course.

RAINER PARZER Wed, 02/05/2014 - 03:24

Hi ... thanks for the answer.


Here is the config. Hope I got all the relevant things in it.

Somehow the NAT statement causes the trouble:

object network 10.0.233.10
 nat (dmz233,outside) static XXX.XXX.XXX.133


Because if I delete this statement, the RDP connection to the server works normally.



I deleted all the network objects and object groups.

Also all the VPN configs are missing.





DELETED THE ASA CONFIG BECAUSE I SOLVED THE PROBLEM!!!! -> misconfiguration


Thanks !!
