Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3838
Views
0
Helpful
6
Replies

ASA 5520 slows down Internet connection

CCOintIPS
Level 1
Level 1

‎05-13-2010 04:54 AM - edited ‎03-11-2019 10:45 AM

I have a mysterious problem with my Internet connection. The Edge topology is in the attachment so are the most important "show" commands. We have a 50Mb/s symmetric Internet connection. When we use Internet through ASA the download speed does not exceed 3Mb/s whereas the upstream is at about 45Mb/s. When we connect our LAN directly to 2960 the downstream increases dramatically up to 47Mb/s whereas the upstream remains at about 45Mb/s. Duplex is manually set to 1000/full on all interfaces. All that I have noticed are dropped packets on outside interface (Gi0/0). The reason is unclear. Could that be the reason for speed degradation?

What could be the problem?

Any help is appreciated!

Labels:
64522-sh_tech(wo run).txt.zip
50 KB
0 Helpful
6 Replies 6

Panos Kampanakis
Cisco Employee
Cisco Employee

‎05-13-2010 09:15 AM

First I would check duplex and speed mismatches between the ASA ports and the devices that are connected to it. Errors under their interfaces will prove that this is the problem.

I hope it helps.

PK

0 Helpful

CCOintIPS
Level 1
Level 1
In response to Panos Kampanakis

‎05-14-2010 02:19 AM

I don`t think it is a duplex mismatch issue as packets are dropped on logical interface "outside" but not on the physical. The second reason is tha all ports are configured for 1000/Full manually. I`ll try aplying auto-negotiation on this ports may be it will help.

Interface GigabitEthernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Description: -= Internet - Sovintel =-
        MAC address 001a.6d7c.8cd6, MTU 1500
        IP address 62.141.82.195, subnet mask 255.255.255.240
        1771674455 packets input, 1224267434729 bytes, 0 no buffer
        Received 53794 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        19090 L2 decode drops
        1698087161 packets output, 664356941838 bytes, 86 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)
  Traffic Statistics for "outside":
        1028102662 packets input, 682414356148 bytes
        985584489 packets output, 360564996151 bytes
        5526716 packets dropped
      1 minute input rate 704 pkts/sec,  538517 bytes/sec
      1 minute output rate 713 pkts/sec,  316581 bytes/sec
      1 minute drop rate, 6 pkts/sec
      5 minute input rate 642 pkts/sec,  509791 bytes/sec
      5 minute output rate 604 pkts/sec,  183650 bytes/sec
      5 minute drop rate, 6 pkts/sec

If you have any other ideas please let me know.

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to CCOintIPS

‎05-14-2010 06:37 AM

I would focus on

Interface GigabitEthernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Description: -= Internet - Sovintel =-
        MAC address 001a.6d7c.8cd6, MTU 1500
        IP address 62.141.82.195, subnet mask 255.255.255.240
        1771674455 packets input, 1224267434729 bytes, 0 no buffer
        Received 53794 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        19090 L2 decode drops
        1698087161 packets output, 664356941838 bytes, 86 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)

Your outbound aggregate traffic could get very high at some point (underruns). And L2 decode drops could be L2 problems with the switch.

I hope it helps.

PK

0 Helpful

CCOintIPS
Level 1
Level 1
In response to Panos Kampanakis

‎05-14-2010 06:55 AM

I have cleared the counter information and this L2 counters do not grow. But Internet connection is still very slow. Applying speed and duplex auto-negotiation didnot help.

Any Ideas what else could limit the speed?

0 Helpful

CCOintIPS
Level 1
Level 1

‎05-16-2010 10:42 PM

Guys! Need your help! Anyone any ideas???

0 Helpful

tadben2000
Level 1
Level 1

‎01-20-2012 12:11 AM

ASA 5520 slows down Internet connection

Dear Telecom Engineer

I have faced the same problem in my newly deployed network. I have two ASA5520-AIP20-k9. both connected to IPS and configured as Active standby failover. the ASAs were working fine at first but later on, the internet connection becomes very slow. the ping reply i am getting from my next hop(ISP router) is some times in 2000  msec or above

when I directly connect my laptop to the link that comes from the ISP its ping reply is 1msec and 2msec.

can you please post the solution to this problem you faced 3 years ago. or anyone who have faced and resolved this problem please post the solution.

Tadesse

Ethiopia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card