03-20-2012 10:03 PM - edited 03-11-2019 03:44 PM
Has anyone experienced a slowdown in VMWare (v5) VDI with PCOIP screen refresh rates when the traffic goes through a Cisco ASA firewall (version 7.? - I'm not at work as this question came to mind.) Any special commands one might be able to put in place on the ASA to be particularly friendly to PCOIP traffic? Thank you.
04-11-2013 02:05 PM
You first will need to determine whether the asa is the issue or not,
enable logging and take captures,
once you have that let us know as I will be more than glad to fix this with you
04-12-2013 04:50 AM
1- how is logging going to help you?
2- how are you going to decrypt the capture if the data is "encrypted" if it is enabled with PCoIP?
04-12-2013 09:28 AM
Hello david,
As usual questioning my answers
1) I mean how could not help!!! Logs as captures don't lie.. so as long as a connection is failing across the firewall we must check the logs, have you ever troubleshoot VPNs across the firewall ( the key part is across). Logs could tell us whether we are having a nat problem,etc,etc,etc.
2)Even though is on by default, customer might have it off, or we could turn it off for testing purposes,
All I am doing is trying to help, if you have a better troubleshooting step be more than glad to help
Regards
04-12-2013 11:25 AM
by reading the original post "Has anyone experienced a slowdown in VMWare (v5) VDI with PCOIP screen refresh rates when the traffic goes through a Cisco ASA firewall (version 7.?", one can reasonably assume that the traffics do make it through the firewall and that it is working but very slow. In other words, the poster has confirmed that firewall rules and NAT (if any) is already working.
In most production environments, turning off encryption is not an option, even for testing purposes.
04-12-2013 11:30 AM
Hello,
either way we must check the information in order to check for a patter,
Or may be next time I should answers to questions like this: No I have not experienced this , and I cannot help you as the traffic must be encrypted.... I don't think that is the proper way to go,
We are help to help and to try to correlate the issues to something,
We are not 100 % sure the traffic is being encrypted but even if it's being encrypted we could use a capture and on wireshark check the round trip time to determine if the ASA is the point where traffic is being slow down, Have you ever deal with a case like this,
Have a great day
04-12-2013 12:33 PM
Hi Jcarvaja,
I am just joking . I know you've been very active in this forum and I use many of your advises as well. I know you're trying to help and really appreciate it. I do have to say that Cisco TAC supports are many times better than Checkpoint
Please don't stop.
Thanks,
04-12-2013 12:35 PM
Hello David,
Great to hear that you think that
I won't stop
Have a great day,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide