Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Hardwired via 5505 is very slow. WiFi is fast.

Hello from Ecuador,

We have a very small office with no more than 10/15 users at a time.  Our ISP provided speed is 7down and 3up.

We have deployed an ASA5505 in our network, and our very simple topology looks like:

Cable Modem > ASA5505 ------- AP1262 (via PoE port on ASA)



                     Plug and Play D-Link 24port Switch 

When users connect to the AP, they are getting the normal browsing speeds as mentioned above.

However, all the hardwired users' download speed is less than 1mb (their upload is normal).

(Note that when we deploy the old Linksys router back in-place of the ASA, everything seems back to normal.  Its only with the ASA we are experiencing this).

Below is the very simple config from the ASA. 

Any advice/guidance is highly appreciated on how to resolve the speeds for our hardwire users.

ASA Version 8.4(2)


hostname WCS-Ecuador

enable password 6klE4j2hhSXaLMNg encrypted

passwd 2KFQnbNIdI.2KYOU encrypted



interface Ethernet0/0

description LINK TO ISP

switchport access vlan 100

duplex full

speed 100


interface Ethernet0/1

duplex full

speed 100


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


interface Vlan1

nameif INSIDE

security-level 100

ip address


interface Vlan100

nameif OUTSIDE

security-level 0

ip address <removed for security>


ftp mode passive

object network Ecuador-INSIDE


pager lines 24

mtu INSIDE 1500

mtu OUTSIDE 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400


object network Ecuador-INSIDE

nat (INSIDE,OUTSIDE) dynamic interface

route OUTSIDE <removed for security> 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5


ssh timeout 5

ssh version 2

console timeout 0

dhcpd dns <removed for security>


dhcpd address INSIDE

dhcpd enable INSIDE


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

username tabbasi password eUopM1EefaUVVnUY encrypted privilege 15


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect ip-options

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

  inspect icmp

  inspect icmp error


service-policy global_policy global

prompt hostname context

no call-home reporting anonymous


profile CiscoTAC-1

  no active

  destination address http

  destination address email

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily


: end


Hardwired via 5505 is very slow. WiFi is fast.


Do you see any errors on ASA Eth0/1(to switch)?  Running the similar speed tests with wired and wifi? Client traffic on network is same as well?



CreatePlease to create content