Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

asa 5520 csc-ssm incredibly slow on HTTP scanning

Hi All,

Having problems with two ASA's both with CSC-SSM modules and wondered if anyone had seen anything similar.

The first ASA only has the SSM module and is set up as the documentation examples, with service-policy applied to the inside interface. When scanning is enabled, web browsing becomes so slow it is unusable, when disabled on the module everything is fine. We have checked the default gateway and ip settings, etc and have had our Trend guru take a run through the configuration and can't find anything wrong. The SMTP side of this is fine only HTTP has problems.

The second site is a little more complex, with CSC module and external websense server. The websense side works as expected however with the CSC module is also enabled firstly, any rejection messages from websense return "page cannot be displayed" to the browser rather than the websense error page, and secondly standard web browsing is incredibly slow. Again, SMTP works as expected.

I can post configs as needed however has anyone else seen these type of symptoms ? Does anyone have a CSC module running as it should ?

I can appreciate that scanning will add a delay to the proceedings and that the expectation with HTTP is greater than SMTP however this is too slow for genuine use right now and I`m struggling for solutions.

Cheers

Chris

5 REPLIES
Bronze

Re: asa 5520 csc-ssm incredibly slow on HTTP scanning

Try using the command :FILTER URL EXCEPT

New Member

Re: asa 5520 csc-ssm incredibly slow on HTTP scanning

Hello

Not sure what you mean by this, perhaps excluding images etc from being scanned ?

Cheers

Chris

New Member

Re: asa 5520 csc-ssm incredibly slow on HTTP scanning

We have a CSC-SSM 10 in a 5510 that is configured just like your first example, and exhibits the same behaviour. I've loaded the latest SW on it with no improvement (despite the fact that the "caveats solved" section implies this is fixed.

New Member

Re: asa 5520 csc-ssm incredibly slow on HTTP scanning

Hi Matt,

I've not revisited the 1st example, however the 2nd example seems to be working. For no apparent reason it started working then it broke for no apparent reason then about 10 mins later started working again for no apparent reason.

When you say latest software, do you mean CSC-SSM s/ware or ASA software. We have ASA v8 (the latest point release) plus latest Trend software installed. That said, with that 50 or so users the CPU on the csc-ssm is maxed at 100% permanently during working hours.

One thing - related to the 2nd example. If using csc-ssm and websense things seem to behave better if you reference csc-ssm a new policy then websense in the global policy.

Either way, I`m far from convinced about csc-ssm being anything other than a small office 10-20 user solution.

New Member

Re: asa 5520 csc-ssm incredibly slow on HTTP scanning

Chris

We're running the 6.1.1587 on the CSC-SSM-10 and 7.2(2) on the ASA 5510 with about 175 people behind it. We had the processor running at 100% all day with the last rev of CSC software (6.1.1569). The newer version appears to be a little more processor friendly although we have not been able to do URL filtering for an appreciable amount of time. As you said, the SMTP filtering works great!

Maybe it's only suitable for a very small environment as you said, we're pretty disappointed and it does not look like we'll be renewing our licenses for it.

502
Views
0
Helpful
5
Replies
CreatePlease to create content