Throughput issues in Cisco ASA 5510

VAbr AVib — Tue, 12 Mar 2019 01:36:14 GMT

For internet connectivity, we have a Cisco Firewall connected to a BGP router multihomed with 2 ISP. Attached the high level diagram for reference.

We have noticed that the bandwidth usage over the primary connectivity is less than 5 % of the total 100 mbps internet bandwidth, same way if i route the traffic via the secondary path then the bandwidth goes at an average up to 30 %.

I have noticed that if i use any fast download softwares like DAP, then i am getting a speed of almost 10 Mbps but the normal usage is not crossing 5%. Is there any settings in ASA that i have to do to make this primary interface use more bandwidth.

Throughput issues in Cisco ASA 5510

VAbr AVib — Mon, 29 Apr 2013 12:26:25 GMT

It looks like only the http traffic that is not giving the throughput, the VPN and all other traffic is perfectly working. Also as i mentioned earlier if we use a Download Accelerator then i can easily download with 10 Mbps speed.

Any idea is this behavior due to any inspection ?

Please check the below configuration, any idea will this impact the internet browsing and download rate.

class-map netflow-export-class

match access-list netflow-export

class-map inspection_default

match default-inspection-traffic

class-map http-port

match port tcp eq www

policy-map type inspect dns migrated_dns_map_1

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns migrated_dns_map_1

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect netbios

inspect tftp

inspect sip

inspect ftp

inspect ip-options

class netflow-export-class

class class-default

flow-export event-type all destination 10.10.10.21

policy-map type inspect http inbound_http

parameters

match request body length gt 2000

reset log

match response body length gt 2000

reset log

match not request body length gt 100

reset log

match not response body length gt 100

reset log

match req-resp content-type mismatch

reset log

match request header content-type violation

reset log

match response header content-type violation

reset log

match request header length gt 100

reset log

match request uri length gt 100

reset log

class _default_gator

drop-connection

class _default_kazaa

drop-connection

class _default_msn-messenger

drop-connection

class _default_aim-messenger

drop-connection

class _default_yahoo-messenger

drop-connection

policy-map inbound_policy

class http-port

inspect http inbound_http

service-policy global_policy global

prompt hostname context

call-home reporting anonymous

topic Throughput issues in Cisco ASA 5510 in Network Security

Throughput issues in Cisco ASA 5510

Throughput issues in Cisco ASA 5510