https://community.cisco.com/t5/network-security/asa-5510-slow-name-resolution/m-p/1509413#M611816 <P>Greetings.</P><P></P><P>I have a problem. We're planning to add an ASA into our network for VPN and firewall purposes. I've hooked the ASA up to the network and so things look a bit like this:-</P><P></P><P>Bridged Internet Connection ---&gt;&gt; ASA 5510 ---&gt;&gt; 1841 Router ---&gt;&gt; Network</P><P></P><P>We currently use a different firewall appliance which is still connected. The problem is, when I switch the route to go out onto the internet to pass through the ASA, DNS resolutions become slow. They work but they are slow and thus browsing is slow. When I set the route back to the other firewall appliance, everything works fine. The resolutions are much quicker than when the traffic is running through the ASA.</P><P></P><P>By the way, the DNS server is internal.</P><P></P><P>Can anyone share some insight into why this happens? Did I forget something? I've attached the ASA's configuration.</P> Mon, 11 Mar 2019 18:38:38 GMT Felix Bowman 2019-03-11T18:38:38Z https://community.cisco.com/t5/network-security/asa-5510-slow-name-resolution/m-p/1509413#M611816 <P>Greetings.</P><P></P><P>I have a problem. We're planning to add an ASA into our network for VPN and firewall purposes. I've hooked the ASA up to the network and so things look a bit like this:-</P><P></P><P>Bridged Internet Connection ---&gt;&gt; ASA 5510 ---&gt;&gt; 1841 Router ---&gt;&gt; Network</P><P></P><P>We currently use a different firewall appliance which is still connected. The problem is, when I switch the route to go out onto the internet to pass through the ASA, DNS resolutions become slow. They work but they are slow and thus browsing is slow. When I set the route back to the other firewall appliance, everything works fine. The resolutions are much quicker than when the traffic is running through the ASA.</P><P></P><P>By the way, the DNS server is internal.</P><P></P><P>Can anyone share some insight into why this happens? Did I forget something? I've attached the ASA's configuration.</P> Mon, 11 Mar 2019 18:38:38 GMT https://community.cisco.com/t5/network-security/asa-5510-slow-name-resolution/m-p/1509413#M611816 Felix Bowman 2019-03-11T18:38:38Z https://community.cisco.com/t5/network-security/asa-5510-slow-name-resolution/m-p/1509414#M611821 <HTML><HEAD></HEAD><BODY><P>I would suggest enabling dns inspection.</P><P></P><P>If that doesn't help I would suggest using the capture command to capture packets in and out of the ASA so you can see who delays or drops the dns. </P><P></P><P>Also check the interfaces for duplect or speed mismatches that could cause drops and delays.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Fri, 10 Sep 2010 18:31:59 GMT https://community.cisco.com/t5/network-security/asa-5510-slow-name-resolution/m-p/1509414#M611821 Panos Kampanakis 2010-09-10T18:31:59Z https://community.cisco.com/t5/network-security/asa-5510-slow-name-resolution/m-p/1509415#M611824 <HTML><HEAD></HEAD><BODY><P>Thank you. I got the problem solved after doing some packet captures.</P><P></P><P>It turns out that the DNS server was forwarding to two other older DNS servers that we had before. That caused the resolutions to take much longer than they should have which timed out on the client machines.</P><P></P><P>The captures showing the older DNS servers making resolution requests whenever a lookup request was made from the new DNS server.</P><P></P><P>I appreciate your help on the matter.</P></BODY></HTML> Tue, 14 Sep 2010 14:17:39 GMT https://community.cisco.com/t5/network-security/asa-5510-slow-name-resolution/m-p/1509415#M611824 Felix Bowman 2010-09-14T14:17:39Z https://community.cisco.com/t5/network-security/asa-5510-slow-name-resolution/m-p/1509416#M611828 <HTML><HEAD></HEAD><BODY><P>Thank you for updating. That way other will benefit in the future.</P><P></P><P>PK</P></BODY></HTML> Tue, 14 Sep 2010 14:48:10 GMT https://community.cisco.com/t5/network-security/asa-5510-slow-name-resolution/m-p/1509416#M611828 Panos Kampanakis 2010-09-14T14:48:10Z