Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1382
Views
0
Helpful
2
Replies

http browsing is slow through ASA5510

hxmengmetro
Level 1
Level 1

‎11-15-2010 09:09 AM - edited ‎03-11-2019 12:09 PM

Hi All,

We have one ASA5510 and one Websense as URL filter server. Recently we increased TCP connection number to 40 in order to solve the "URL server down" issue in ASA. Although the error message "URL server down" is gone, the users are still experiencing slow web browsing issue. The "show url-server statistics" still has lots of server time out and retries. Does that mean we still need increase TCP connection number to get rid of Server timeout and retries? Or this is the limitation of ASA when configured with TCP connection with URL filter server? This slow web browsing happened anytime even when not so many users were browsing on very early morning.

We don't have http inspection configured to slow the processing. In addition, someone online said it could be caused by out-of-order http packets. When I show asp drop, I see "TCP Out-of-Order packet buffer timeout" is increasing slowly. It seems not out-of-order packets caused the issue.

Please help. Any idea will be greatly appreciated.

Lou

Labels:
0 Helpful
2 Replies 2

Panos Kampanakis
Cisco Employee
Cisco Employee

‎11-15-2010 09:33 AM

You would need to check where the slowness is introduced.

It could be the ASA buffering the HTTP responses until hearing the websense response.

It could be websense slowing down the "YES" or "NO" responses for pages.

It could be the ASA delaying sending the requests to websense.

I suggest to capture the http packets and the GRE packets going to websense and trying to find where the slowness is introduced.

I hope it provides some guidance.

PK

0 Helpful

Yudong Wu
Level 7
Level 7

‎11-15-2010 03:32 PM

You might use url-block command to adjust "block", "url-mempool", "url-size"...

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1577079

Setup "url-cache" will helpful as well.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1580936

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card