Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

http browsing is slow through ASA5510

Hi All,

We have one ASA5510 and one Websense as URL filter server. Recently we increased TCP connection number to 40 in order to solve the "URL server down" issue in ASA. Although the error message "URL server down" is gone, the users are still experiencing slow web browsing issue. The "show url-server statistics" still has lots of server time out and retries. Does that mean we still need increase TCP connection number to get rid of Server timeout and retries? Or this is the limitation of ASA when configured with TCP connection with URL filter server? This slow web browsing happened anytime even when not so many users were browsing on very early morning.

We don't have http inspection configured to slow the processing. In addition, someone online said it could be caused by out-of-order http packets. When I show asp drop, I see "TCP Out-of-Order packet buffer timeout" is increasing slowly. It seems not out-of-order packets caused the issue.

Please help. Any idea will be greatly appreciated.

Lou

2 REPLIES
Cisco Employee

Re: http browsing is slow through ASA5510

You would need to check where the slowness is introduced.

It could be the ASA buffering the HTTP responses until hearing the websense response.

It could be websense slowing down the "YES" or "NO" responses for pages.

It could be the ASA delaying sending the requests to websense.

I suggest to capture the http packets and the GRE packets going to websense and trying to find where the slowness is introduced.

I hope it provides some guidance.

PK

Re: http browsing is slow through ASA5510

You might use url-block command to adjust "block", "url-mempool", "url-size"...

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1577079

Setup "url-cache" will helpful as well.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1580936

1238
Views
0
Helpful
2
Replies