Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA makes Internet slower

I have just put in a ASA 5510 and since I put it in, my Internet connection has really slowed down alot. Anyone know why this might be? I had a check point firewall in before, and had no issues at all. I was wondering if anyone else experienced this?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA makes Internet slower

Use the show blocks command.

The show blocks command helps to determine if the security appliance is overloaded. This command lists the pre-allocated system buffer utilization. A full memory condition is not a problem as long as traffic moves through the security appliance. Issue the show conn command in order to see if the traffic moves. If the traffic does not move and the memory is full, there can be a problem.

This information can also be viewed through the Simple Network Management Protocol (SNMP).

The information shown in a security context includes the system-wide information as well as context-specific information about the blocks in use and the high water mark for block usage.

Examples

This is a sample output from the show blocks command in single mode:

hostname#show blocks

SIZE MAX LOW CNT

4 1600 1598 1599

80 400 398 399

256 3600 3540 3542

1550 4716 3177 3184

16384 10 10 10

2048 1000 1000 1000

In order to resolve this issue, download and upgrade PIX/ASA to software version 7.2.2 (18) or later from Cisco Downloads. If issue still exists contact Cisco Technical Support.

Please rate post if it helps.

4 REPLIES

Re: ASA makes Internet slower

Use the show blocks command.

The show blocks command helps to determine if the security appliance is overloaded. This command lists the pre-allocated system buffer utilization. A full memory condition is not a problem as long as traffic moves through the security appliance. Issue the show conn command in order to see if the traffic moves. If the traffic does not move and the memory is full, there can be a problem.

This information can also be viewed through the Simple Network Management Protocol (SNMP).

The information shown in a security context includes the system-wide information as well as context-specific information about the blocks in use and the high water mark for block usage.

Examples

This is a sample output from the show blocks command in single mode:

hostname#show blocks

SIZE MAX LOW CNT

4 1600 1598 1599

80 400 398 399

256 3600 3540 3542

1550 4716 3177 3184

16384 10 10 10

2048 1000 1000 1000

In order to resolve this issue, download and upgrade PIX/ASA to software version 7.2.2 (18) or later from Cisco Downloads. If issue still exists contact Cisco Technical Support.

Please rate post if it helps.

New Member

Re: ASA makes Internet slower

Thanks. It seems to ok there. We only have about 5 users using a full t1 on it. Couldnt be overloaded at this point. We do have ver 7.0 something. Are there issues with the IOS before 7.2.2(18)?

Re: ASA makes Internet slower

Yes. There was a memory leak issue in PIX/ASA version 7.2(1).

During this issue, the block memory depletes.

New Member

Re: ASA makes Internet slower

ok, did the upgrade to 7.2(4). Much better now. Thanks.

143
Views
0
Helpful
4
Replies