Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
TCP connections that pass through the ASA firewall are very slow when the SSM module is enabled
This issue can occur due to the presence of Cisco bug ID CSCse46220.
This problem occurs as ASA attempts to re-order all packets matched in the access-list of the associated class.
In order to resolve this issue, complete these steps:
Adjust the access-list reference in the class-map command in order to remove the problem traffic from inspection by the SSM.
Increase the queue-limit under the tcp-map command. This can help with performance, although it can take some trial and error in order to find the optimal queue-limit value that delivers the best performance.
Clear the selective-ack and timestamp options from the tcp-options command.
This is an example of an adjusted queue-limit with cleared selective-ack and timestamp options: