Upgraded from FWSM 2.2 single routed context to FWSM 3.1.5, multiple context, transparent mode on 6513( Sup2 MSFC2 ver 12.2(18)SXF6), no ACLs on router. Number of Vlans and hosts didn't change. After the upgrade ping respons times to machines behind the router/ firewall are much higher and irregular. Anyone has a clue what could cause this difference and how to 'stabilize' ping times ? Overall performance seems good. I had no complaints from customers yet, but our Nagios management system keeps sending these messages about to high respons times. More info and details available on request.
High and irregular ICMP respose time are usually because of the packets taking alternate paths towards, or from the destination, for example some sort of load sharing. But this should not be the case if no config change has been done or some device is added in between. You can use command "traceroute destination_ip" to check if the packets are taking the right path to the destination.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...