I'm running IOS firewall on 2 different routers. A 2851 and a 2821. Both are running 12.4(3g) Adv Sec images. Both routers are connected to an internal WAN and also to an external ISP such as a cable modem. They also have LAN interfaces. Default gateway is the "outside" interface connected to the cable modems.
At both sites which are geographically dispersed I'm having very slow response from some websites. In particular www.enterprise.com. If we connect a laptop directly to the cable modem it works fine. If we reroute the default gateway across the WAN to the HQ it works fine. The only time it's slow is when we're routing through the IOS firewall locally at each site. Accessing most sites is ok, it's just a couple that take a very long time (if ever) to finish loading.
I've tried removing the inspect statement from the inside interface. I've tried removing the http inspect statement specifically. I've even tried changing the MTU's to 1492. Even tried changing the NAT translation finrst-timeout to 3600! Nothing is making a difference.
Any suggestions on how to fix this? Or better yet, any debugging I can do?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...