ASA Slowing down a single web page load

abdou.bekk1
Level 1

Hi guys, 

I am experiencing a unique problem. Before explanations, I'll post this schema below so that you can have an idea about the issue.

We have external clients that try to access a web page which is on our internal WebServer illustrated before on port 444 which forwards to the 443 (the real port). While doing my tests with the ASA as a firewall instead of the old iptables firewall, I can get to the page hosted on our server from an external network (my 4G for example or any other network) using a navigator and can authenticate myself, so the NAT here is really forwarding the mapped port to reach the real port.

My problem is that after the authentication process the web page doesn't load or loads very, very slowly, and sometimes some parts of the page don't load at all (it's very "random" without touching the settings).

Do you have any idea where the problem might be coming from?

If it can help, I can post my NAT configuration:

nat (outside,inside) source static any any destination static interface VESR003 service 444 444- unidirectional

444: is a service that has as a source port (1-65535) and destination port 444

444-: is a service that forwards (source port 444) to (destination port 443) after translation

I don't know if I am doing the port forwarding properly but it seems that this is working as soon as I can reach the authentication page and authenticate on the htaccess box. 

For your information: I'm using ASA version 9.2.4 and ASDM 7.2

Thank you very much.

3 Replies

Philip D'Ath
VIP Alumni

Smells like an MTU issue to me.

Try an extreme value like the below to see if it resolves it, and then remove the command:

sysopt connection tcpmss 1000

Hi Philip,

I just did try the command but it didn't resolve the issue. This is the only site which blocks on loading.

Also, I noticed that when I launch a "netstat -ano" on Windows to check ports and active connections, I can see that when it comes to the public IP of the website (outside ASA interface IP) it gets stuck on "SYN_SENT".

Output on Windows:

TCP     192.168.199.41:2734  212.xxx.xxx.xxx:444    SYN_SENT    4756 

TCP     192.168.199.41:2735  212.xxx.xxx.xxx:444    SYN_SENT    4756 

TCP     192.168.199.41:2736  212.xxx.xxx.xxx:444    SYN_SENT    4756 

TCP     192.168.199.41:2737  212.xxx.xxx.xxx:444    SYN_SENT    4756 
