Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2480
Views
5
Helpful
5
Replies

Cisco ASA inside interface CRC errors + input errors incrementing

LovejitSingh130013
Level 1
Level 1

‎02-11-2021 08:29 AM

Hello @balaji.bandi  @Rob Ingram    @Marvin Rhoads  @Mohammed al Baqari  @Richard Burts  @Aref Alsouqi   @Richard Burts  @Joseph W. Doherty  @Giuseppe Larosa 

 

I got Cisco ASA 5525 with Firepower services and got FMV VM to manage the Firepower services.  

I got 200 Mbps download and Upload and its a dedicated Circuited from Rogers.  

 

The issue is that I am not getting more than 50 Mbps Upload speed while getting 100% (upto 200 Mbps) download.  ISP said its something with our Firewall.

I worked Cisco TAC and we checked CPU usage for ASA and firepower which looks great and stable.

I checked Outside interface and did not see any errors etc. but when I checked internal inside interface i see CRC/input errors continuously incrementing. 

 

I checked same thing on switchport connected to it and there are no errors on it. 

I also checked that Duplex and speed settings are same and on Auto. and MTU is 1500. 

I changed the cable but it did not make any difference.

 

Can you guys advice what else should i do to find the root cause for these errors on inside interface?

Also what else can contribute in delaying upload speed on ASA?

 

Thanks 

0 Helpful
5 Replies 5

Rob Ingram
VIP
VIP

‎02-11-2021 08:39 AM - edited ‎02-11-2021 08:40 AM

@LovejitSingh130013 

How many CRC errors, a few or a lot?

What firepower features do you have enabled? Some features can impact performance quite dramatically.

TAC would be best placed to help you troubleshoot this, how did you leave it with them?

0 Helpful

LovejitSingh130013
Level 1
Level 1
In response to Rob Ingram

‎02-11-2021 08:41 AM

@Rob Ingram  

 

We got IPS+Malware+URL Filtering enabled.

 

Thanks,

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎02-11-2021 08:46 AM - edited ‎02-11-2021 08:46 AM

first steps to confirm is you getting real bandwidth or not. Connect any device bypass FP and check are you really getting the mentioned bandwidth from ISP or not.

 

Then  coming back to FP, if you have IPS, you may see some performance issue, this required may have some tuning based on the deployment.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram
VIP
VIP

‎02-11-2021 08:47 AM - edited ‎02-11-2021 08:47 AM

@LovejitSingh130013 

Re-run your tests without those features enabled and see if performance improves. Then go from there, adjust policies if required.

0 Helpful

cmarva
Level 4
Level 4

‎02-12-2021 07:13 AM

can you port a "sho interface" for the inside interface?

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card