We have a configuration where we go through a firewall (ASA 5510) to a router, which decides if it is internet traffic or another network used for colleges etc in Canada called SRNet. If it is internet traffic it then goes through another ASA 5510 to the internet.
When we tested we were not seeing the speed of our internet (about 1/10th). We tested by putting the laptop before the internet firewall and we get the throughput. We also threw the test laptop before the router and we got the throughput expected. But when the test laptop is before the internal (first) firewall we get about 1/10th the speed.
We are natting on both firewalls, so from the inside we are going from a private IP to a Public IP (so it can go to SRNet is need be), then natting again to the internet IP on the second firewall.
Any ideas why the speed is so slow behind the internal firewall would be appreciated.
Re: Issue with speed through 2 firewalls (ASA 5510's)
Set all the Cisco device's interface which are connected to the slow firewall to full duplex and the highest speed and ensure the same is done at the other end. Also can you please proivde a quick network diagram if possible with some made up IP address.
Can you please post a show interface on device which is slow?
Also can you check you cpu of the firewall?
Is the connection always slow or is it just at some parts of the day?
Can you please post the config of the devices connected on a text file, if you like please amend ip address to relate to the diagram.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :