5505 dropping packets

thehpsgroup · ‎08-24-2011

Hi,

* We have two ASA 5505's setup in transparent mode in a failover state

* We are having a problem with traffic bettwen the firewall and our datacenters internet backbone

* The problem seems to be a drop in packets / packet data (25% loss on 1,000 1Kb packets, 90% loss on 1,000 10Kb packets)

* We have basic firewall rules enabled without IPS / IDS at the moment to check if this was the problem

* The interfaces are running at 100mb full duplex and we have tried changing the duplex mode and negotion type without any success

* The CPU and Memory load seems to be in a normal range

* It seems to limit itself to 1.3M~ max thoughput when / if we can get traffic though

* Inbound traffic seems to be unaffected only outbound

* We have not set any QoS as you can't in transparent mode

* We have also tried disabling the logging and statistics without any luck

* The main bulk of traffic though the Firewall is HTTP / HTTPs but all services are affected by the same issue

* As the packet size increases, the amount loss increases

We need a Cisco guru, ideally UK based, or some help to find out the core problem.

Any suggestions?!

Many thanks,

Andy Twine

Maykol Rojas · ‎08-24-2011

Andy,

Not really close to UK, but Ill give it a try. Can you give me the output of show interface? I would like to see the packet drops, also, to check what kind of packets are the ones being affected, I need the following info,

show asp table socket

A capture of ASP drop (capture test type asp drop-all) wait for a couple of minutes until it fills up and then send us the output.

This would give me an inside of what is going on.

Mike