Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1632
Views
0
Helpful
2
Replies

slow, intermittent Internet access with ASA

tato386
Level 6
Level 6

‎05-24-2012 05:03 PM - edited ‎03-11-2019 04:11 PM

Users are reporting lots of problem with the Internet at my office.  Mostly slow speeds and pages that do not fully load.  I did a "sho asp drop" on the ASA and got the info below.  Not sure what is OK or not but the large amount of out-of-order buffer full errors worry me.  Would appreciates comments and/or suggestions.

Thanks,

Diego

 

Frame drop:

  Invalid TCP Length (invalid-tcp-hdr-length)                                 39

  Invalid UDP Length (invalid-udp-length)                                     18

  No valid adjacency (no-adjacency)                                       124426

  No route to host (no-route)                                             326260

  Flow is denied by configured rule (acl-drop)                          30027270

  First TCP packet not SYN (tcp-not-syn)                                 4720710

  Bad TCP flags (bad-tcp-flags)                                               54

  TCP Dual open denied (tcp-dual-open)                                      3154

  TCP data send after FIN (tcp-data-past-fin)                                 54

  TCP failed 3 way handshake (tcp-3whs-failed)                            563461

  TCP RST/FIN out of order (tcp-rstfin-ooo)                                25702

  TCP SEQ in SYN/SYNACK invalid (tcp-seq-syn-diff)                          1039

  TCP SYNACK on established conn (tcp-synack-ooo)                            789

  TCP packet SEQ past window (tcp-seq-past-win)                            28464

  TCP invalid ACK (tcp-invalid-ack)                                          212

  TCP Out-of-Order packet buffer full (tcp-buffer-full)                185256835

  TCP Out-of-Order packet buffer timeout (tcp-buffer-timeout)            1934908

  TCP RST/SYN in window (tcp-rst-syn-in-win)                               32239

  TCP packet failed PAWS test (tcp-paws-fail)                              79193

  ICMP Inspect seq num not matched (inspect-icmp-seq-num-not-matched)         86

  ICMP Error Inspect no existing conn (inspect-icmp-error-no-existing-conn)                                    21

  DNS Inspect invalid packet (inspect-dns-invalid-pak)                     11359

  DNS Inspect invalid domain label (inspect-dns-invalid-domain-label)        514

  DNS Inspect id not matched (inspect-dns-id-not-matched)                  91686

  Interface is down (interface-down)                                           3

Labels:
0 Helpful
2 Replies 2

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-24-2012 08:57 PM

Hello Diego,

Can you share the following:

-show service-policy

-sh interface | include errors

Regards,

Julio

Rate all the posts that help

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

tato386
Level 6
Level 6
In response to Julio Carvajal

‎05-25-2012 07:20 AM

HTH,

Global policy:

  Service-policy: global_policy

    Class-map: inspection_default

      Inspect: dns preset_dns_map, packet 52062477, drop 103719, reset-drop 0

      Inspect: ftp, packet 10673793, drop 0, reset-drop 0

      Inspect: h323 h225 _default_h323_map, packet 30, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: h323 ras _default_h323_map, packet 0, drop 0, reset-drop 0

      Inspect: netbios, packet 613535, drop 0, reset-drop 0

      Inspect: rsh, packet 0, drop 0, reset-drop 0

      Inspect: rtsp, packet 7899930, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: skinny , packet 321194, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 50

      Inspect: esmtp _default_esmtp_map, packet 28879288, drop 213, reset-drop 0

      Inspect: sqlnet, packet 6, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: sunrpc, packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: tftp, packet 20157, drop 0, reset-drop 0

      Inspect: sip , packet 10513, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: xdmcp, packet 0, drop 0, reset-drop 0

      Inspect: http, packet 3977754678, drop 0, reset-drop 0

    Class-map: class_ftp

      Inspect: ftp, packet 0, drop 0, reset-drop 0

Asa#

Asa#

Asa# show interface | include errors

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 2 interface resets

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 7997 collisions, 0 interface resets

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        225 input errors, 0 CRC, 0 frame, 225 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 5 interface resets

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0

Thank you,

Diego

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card