Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Server slow through ASA 5520 -Urgent


In my office one new IBM AS/400 server is installed.The server internal ip is nated with public ip and opened 6013 port.The server applications are fast through local LAN but it's dead slow when it is accessing through internet by the outside users.For the verification I have directly conncted the server from the internet router and assign public IP into it.That time it's very fast for the outside users and running fine.Problem is whenever the CISCO ASA 5520 comes into the scenario the server going to dead slow for the outside users.

even i gave given any any in access-list, but still same problem.

please guide to solve this issue..




Re: Server slow through ASA 5520 -Urgent

Hi Somnath,

In your static statement for server, try adding "norandomseq" statement at the end.

If it doesnt work, remove the "norandomseq" and check MTU settings.

Do you have access lists applied to outbound of any interface?


New Member

Re: Server slow through ASA 5520 -Urgent


i have checked with "norandomseq" statement but it was not working. In my ASA MTU size is 1500, is it sufficient?

in the ASA only in bound access-list has been configured and placed in the outside interface.


access-list outside_in extended permit ip any any

access-list outside_in extended permit udp any any

access-list outside_in extended permit tcp any any

access-group outside_in in interface outside

Please help in this issue...



New Member

Re: Server slow through ASA 5520 -Urgent

I'm curious if it could be your inspect rules. I would suggest to do a debug while you can verify traffic is going through the ASA. That way you can see what is going on, whether you are getting syn/acks resets.. or whatever.

As far are your MTU size, its standard, so no issues SHOULD be seen from that.

But, I believe the primary thing you should do is get a look at how the traffic is interacting with the ASA. The ACL you put in place cleared any type of access control. Unless you have another ACL attached to the IN interface in the "out" direction.

CreatePlease to create content