cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3763
Views
0
Helpful
6
Replies

ASA 5520 slows down Internet connection

CCOintIPS
Level 1
Level 1

I have a mysterious problem with my Internet connection. The Edge topology is in the attachment so are the most important "show" commands. We have a 50Mb/s symmetric Internet connection. When we use Internet through ASA the download speed does not exceed 3Mb/s whereas the upstream is at about 45Mb/s. When we connect our LAN directly to 2960 the downstream increases dramatically up to 47Mb/s whereas the upstream remains at about 45Mb/s. Duplex is manually set to 1000/full on all interfaces. All that I have noticed are dropped packets on outside interface (Gi0/0). The reason is unclear. Could that be the reason for speed degradation?

What could be the problem?

Any help is appreciated!

6 Replies 6

Panos Kampanakis
Cisco Employee
Cisco Employee

First I would check duplex and speed mismatches between the ASA ports and the devices that are connected to it. Errors under their interfaces will prove that this is the problem.

I hope it helps.

PK

I don`t think it is a duplex mismatch issue as packets are dropped on logical interface "outside" but not on the physical. The second reason is tha all ports are configured for 1000/Full manually. I`ll try aplying auto-negotiation on this ports may be it will help.

Interface GigabitEthernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Description: -= Internet - Sovintel =-
        MAC address 001a.6d7c.8cd6, MTU 1500
        IP address 62.141.82.195, subnet mask 255.255.255.240
        1771674455 packets input, 1224267434729 bytes, 0 no buffer
        Received 53794 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        19090 L2 decode drops
        1698087161 packets output, 664356941838 bytes, 86 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)
  Traffic Statistics for "outside":
        1028102662 packets input, 682414356148 bytes
        985584489 packets output, 360564996151 bytes
        5526716 packets dropped
      1 minute input rate 704 pkts/sec,  538517 bytes/sec
      1 minute output rate 713 pkts/sec,  316581 bytes/sec
      1 minute drop rate, 6 pkts/sec
      5 minute input rate 642 pkts/sec,  509791 bytes/sec
      5 minute output rate 604 pkts/sec,  183650 bytes/sec
      5 minute drop rate, 6 pkts/sec

If you have any other ideas please let me know.

I would focus on

Interface GigabitEthernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Description: -= Internet - Sovintel =-
        MAC address 001a.6d7c.8cd6, MTU 1500
        IP address 62.141.82.195, subnet mask 255.255.255.240
        1771674455 packets input, 1224267434729 bytes, 0 no buffer
        Received 53794 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        19090 L2 decode drops
        1698087161 packets output, 664356941838 bytes, 86 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)

Your outbound aggregate traffic could get very high at some point (underruns). And L2 decode drops could be L2 problems with the switch.

I hope it helps.

PK

I have cleared the counter information and this L2 counters do not grow. But Internet connection is still very slow. Applying speed and duplex auto-negotiation didnot help.

Any Ideas what else could limit the speed?

CCOintIPS
Level 1
Level 1

Guys! Need your help! Anyone any ideas???

tadben2000
Level 1
Level 1

ASA 5520 slows down Internet connection

Dear Telecom Engineer

I have faced the same problem in my newly deployed network. I have two ASA5520-AIP20-k9. both connected to IPS and configured as Active standby failover. the ASAs were working fine at first but later on, the internet connection becomes very slow. the ping reply i am getting from my next hop(ISP router) is some times in 2000  msec or above

when I directly connect my laptop to the link that comes from the ISP its ping reply is 1msec and 2msec.

can you please post the solution to this problem you faced 3 years ago. or anyone who have faced and resolved this problem please post the solution.

Tadesse

Ethiopia

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: