Hi there, I am having such a hard time with this ASA 5505, we have a CIR of about 9Mb up and down and the ISP hands the link on a Netgear prosafe 8 ports GS108T switch, from there we connect our ASA 5505 with default config except for a few VPN settings, the issue is that behind the ASA all PC's experience slow upload speed of about 1.5Mb,, the download seems to be ok at about 8.7Mb, when we test behind the Netgear bypassing the ASA we get around 9MB download and upload as well. I checked the interfaces and did not find any collisions, errors, etc everything looks fine from the show Int, also duplex and speeds are set to auto, all users are connected straight into the remaining ASA ethernet ports..here is the config...am I missing some?...please can someone recall having same issue here?...I apprecciate any advice.
I am facing simular performance issues compare to Juniper NetScreen 5. With ASA I get barely 4Mbps down and 3Mbps upload. On same internet connection, with Juniper Netscreen 5GT, I get 15Mbps down with 9Mbps up.
ASA 5505 is a garbage box in my opinion. Their marketing numbers are dead wrong(which says 150Mbps). My $500 has gone down in tube with ASA purchase. Instead of suffering slow bandwidth every day, I decided to switch to netscreen and say goodbye to ASA5505.
My 2 cents.
Yes, I feel the same, we are in the middle of redrawing this small part of our network and probably will recommend a Juniper solution too. In the mean time we have been trying different configurations and the closest thing to our CIR is about 80% down 55% up and that's only with 50% of memory resource being used...imagine if we push it any further....
hey thanks a lot.
Yes. Speed/duplex was hard coded and didn't make any diff. I can't hard code external interface because it goes to the cable modem and that's usually set to auto. I can't change cable modem configuration.
If I hard code external interface, it would negotiate to half duplex.
In short, this is a very poorly designed box with hyped up numbers about throughput. I would not recommend ASA5505 for anybody requiring more than 4Mbps of bandwidth.
First thing it came up to my mind was a duplex mismatch so I went to the ISP and got their switchport config and hardcoded the ASA to whatever they handoff was. it was set up as default, it improved the bandwidth a little bit but not to where it is supposed to be, interfaces statistics do not show any errors, collisions...only a few packages being drop due to firewall policies, I suspect it is a hardare issue as we had another box set today in the morning, we tftp config between them and the new box works just fine, the thing that's freaking me oout is that we could not find any errors or sort of alerts by looking at the switchports....anyways, I recomend Cisco most of the time to my clients but I think this little box is not worth what we paid for it.
You can check " show asp drop " statistics .. there could be number of reasons .. unfortunatetely you have to look into it.. I have seen ASA5505 bandwidth operatining just fine where ISP is 3 MB but internet router would have two T1s aggrated down/up is just about right.. I had one setup in one of our HK office but ISP hands of ethernet and do Rate limiting to 4M in ASA Down/Up sucks don't pass over 2MB .. even after ISP email me rate limiting config in their router to not call them liers.. :) ... interfaces was cleared of any errors but output of asp drop in ASA was high of TCP RST/FIN out of order.. Im still looking into it... sounds to me in my case rate limiting has somthing to do with this.. when I compare the two scenarios.
What kind of traffic did you use? icmp seems to work fine. I think TCP is where seems to be the problem. If you lab setup is not torn down, can you please tcp or even http and see how that comes out?
I don't know when my problem is then. The box works slow when connected to the ISP conenction. I will test if it works better internally just like your lab.