Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Performance Issue behind ASA 5520

Hi Community!

I've got an ASA 5520 (8.4.3) Failover Cluster.

Behind this ASA i have a couple of DMZ Networks. In one of these Networks (lets call it DMZ-A) i have an performance issue.

So, in DMZ-A i have 2 Windows2012R2 servers.

IP Server1: 10.0.233.10/24

IP Server2: 10.0.233.12/24

If i do an RDP session to Server1 from my Client Computer (at the inside Network - IP: 10.0.20.199) it is really slow. Also File Transfer is very slow. Ping gives me a "normal" replay.

If i do an RDP session to Server2 from my Client Computer everything works normal.

If i do an RDP session from Server2 to Server1 everything works normal.

I did a apcket capture to both servers, and when i analyse them with wireshark there is (at a sertain packet) a big difference. -> see attached files

ASA_10 -> 10.0.233.10

ASA_12 -> 10.0.233.12

Can anybody help me finding out whats going wong there?

Thanks a lot!!

2 REPLIES
Community Member

Re: Performance Issue behind ASA 5520

Hi,

The two pcap shows when talking to .10 server, there were 10 times tcp out-of-order and 19 times windows full, while no such info in .12 server.

could you clear the asp drop, reproduce the issue and then show asp drop again?

also it would be helpful to paste your asa configuration, without real ip address of course.

Community Member

Re: Performance Issue behind ASA 5520

Hi ... thanks for the answer.

Here is the Config. Hope i got all the relevant things in it.

Somehow the NAT statement causes the trouble:

object network 10.0.233.10

nat (dmz233,outside) static XXX.XXX.XXX.133

Because if i delete this statement, the RDP connection to the server works normal.

I delete all the network objects and object groups.

Also all the VPN configs are missing.

DELETED THE ASA CONFIG BECAUSE I SOLVED THE PROBLEM!!!! -> misconfiguration

Thanks !!

296
Views
0
Helpful
2
Replies
CreatePlease to create content