I have an ASA 5510 with Security Plus license. It has 3 Internet connections (2 x ADSL2+ based and 1 x 10/10M Ethernet). ASA is configued in dual ISP mode (2 ADSL connections) providing internet access in case of default route goes down.
3rd connection has recently been installed, i have statically entered a to route (speedtest.net) to forward any traffic for these IP addresses to go through 3rd connection (10m/10m ethernet). When i do a speedtest on speedtest.net it shows me 9.5m download and 1.4m upload.
If i plug the 3rd connection (10m/10m ethernet) directly into my computer and then do speedtest, it results in 9.8m download and 9.5m upload which is close to what is suppose to be, so i dont think there is anything wrong with the actual link, its the ASA which is throttling the upload traffic and keeping them below 1.5m. I have tried different duplex and speed settings but they did not make any difference, at the moment its configured at FULL 100M which is recommended settings by the provider. I have looked at logs nothing gets dropped when i run the tests, no errors on the internet, no crc etc.. There is no IPS module installed.
I also just noticed that if you run FTP test to ISP's FTP server i get around 9m/9m which is acceptable, so problem seems to be only with http uploads.
If the problem only affects HTTP and not FTP (which also uses TCP), I would start by focusing on any configuration on the ASA that specifically looks at port 80 connections. Do you have HTTP inspection or URL filtering enabled? If so, try disabling them and seeing if the issue persists.
For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b...
Automation and programmability for networking and security are increasingly important topics. Every release since ISE 1.2 has included new REST API capabilities to better automate and integrate ISE with the rest of your network, appli...
The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA:
Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.
We make improvement...
This document presents the ISE data limiting best practices that can dramatically improve the system performance on ISE.
Your deployment may be impacted if the alarms tab on ISE shows High load average, high CPU or high memoy usage alarm...