We recently had a new WAN connection installed (1Gbps) and bought an ASA5525-X (9.1.2) to provide firewall and VPN services (1 L2L and a small number of remote users) to our site. Everything seemed to be working ok when initially installed but after we enabled the CX module (9.1.1) and started passing traffic to it transfer rates plummeted, especially when trying to upload videos to YouTube/Dropbox and files to servers in our DMZ.
We currently have 3 interfaces configured, Outside, Inside and DMZ all auto negotiating at 1000/Full all connected to the inside switch which is carved up into separate VLANs for the 3 segments. The ASAs inside interface is the network default gateway as we have no internal router and the switch sitting behind the firewall is an old Procurve 2848.
Service policy rules on the ASA are global inspection_default (HTTP turned off as per the CX guide) and interface inside matching any traffic and passing it to the CX module (tcp-state-bypass is currently checked temporarily which disables the CX checking to improve the speed while trying to solve the issue).
Inspect: dns preset_dns_map, packet 7379716, lock fail 0, drop 7057, reset-drop 0, v6-fail-close 0
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :