Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2100
Views
0
Helpful
4
Replies

ASA 5510 bottleneck

johnnywi43
Level 1
Level 1

‎07-20-2012 02:16 PM - edited ‎03-03-2019 06:41 AM

I have a 100mbps internet connection from my ISP but once the connection hits the ASA the download speed gets reduced to 15mbps. My network is setup as follows: ISP Modem ---- Edge Switch ----- ASA --- Internal Cisco Switches

If I plug my computer into an extra port on the Edge Switch I get speeds around 92mbps with normal traffic still going to the ASA. But when I plug into the ASA and internal switches I have speeds of 15mbps.

I have made sure that duplex/speed match on the links. I have done packet captures and within  two minutes I do have several dup acks and retransmissions. The retransmissions don't seem to match the dup acks. (The retransmission is not for the dup ack requested so the dup ack keeps being resent)

The only interface error is on the inside interface which includes 700 overruns in a weeks worth of time.

I am not using an IPS/IDS. I do have several vpns on it but was not going through a vpn tunnel. I am also using NAT.

I am using an ASA 5510 8.2(1)

Any ideas on what could be causing the problem would be appreciated.

Thanks

Labels:
0 Helpful
4 Replies 4

nkarthikeyan
Level 7
Level 7

‎07-22-2012 01:33 AM

Hi Johnny,

Please try with the following command.

ASA interface connecting to the switches and on the switch interfaces as well

int gig

flowcontrol send on

!

This will resolve your issue. If not refer the following guide which helps with other methods as well for solving the problem.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml#speed

Please do rate if the given information helps.

By

Karthik

0 Helpful

johnnywi43
Level 1
Level 1
In response to nkarthikeyan

‎07-23-2012 09:07 AM

Karthik thank you for the reply. The flowcontrol command does not seem to be available on my ASA from looking at the following Cisco document http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/ef.html#wp1952456 it was not available on 1GB ports until 8.2(5) and I am on 8.2(1). Looks like I will have to do an upgrade before I can try that command on the ASA. I did try it on the switch port connected to the ASA and my speed did not improve.

I went through the document that was in the link that you posted but did not find anything that helped.

By the way I forgot to mention that my upload speed is fine. My upload is 80-90 mbps but my download is 15mpbs when it should be near 100.

Thanks again for your help.

0 Helpful

Ameulen01
Level 1
Level 1
In response to johnnywi43

‎03-21-2013 12:46 PM

hello johnnywi43,

Did you fix the problem after upgrade or was there another solution? I also have a customer with 60Mb download and 2Mb Upload through the ASA.

0 Helpful

johnnywi43
Level 1
Level 1
In response to Ameulen01

‎03-21-2013 02:20 PM

The problem I was having was with the download speed. I found that an admin before me created a QOS policy to throttle the http traffic so it won't use all of the bandwidth. So when our speed with our ISP was increased from 20 mpbs to 100 mpbs our download speeds stayed at 15 mbps. All I had to do was remove/or change the QOS policy.

0 Helpful
Customers Also Viewed These Support Documents