Re: Issue with speed through 2 firewalls (ASA 5510's)

guyd · ‎06-06-2012

We have a configuration where we go through a firewall (ASA 5510) to a router, which decides if it is internet traffic or another network used for colleges etc in Canada called SRNet. If it is internet traffic it then goes through another ASA 5510 to the internet.

When we tested we were not seeing the speed of our internet (about 1/10th). We tested by putting the laptop before the internet firewall and we get the throughput. We also threw the test laptop before the router and we got the throughput expected. But when the test laptop is before the internal (first) firewall we get about 1/10th the speed.

We are natting on both firewalls, so from the inside we are going from a private IP to a Public IP (so it can go to SRNet is need be), then natting again to the internet IP on the second firewall.

Any ideas why the speed is so slow behind the internal firewall would be appreciated.

John Peterson · ‎06-13-2012

Set all the Cisco device's interface which are connected to the slow firewall to full duplex and the highest speed and ensure the same is done at the other end. Also can you please proivde a quick network diagram if possible with some made up IP address.

Can you please post a show interface on device which is slow?

Also can you check you cpu of the firewall?

Is the connection always slow or is it just at some parts of the day?

Can you please post the config of the devices connected on a text file, if you like please amend ip address to relate to the diagram.

guyd · ‎07-09-2012

We solved the issue. It was an http inspection issue I believe as I was away while they other person found the issue.

Thanks

Duane