08-24-2012 06:49 AM - edited 03-11-2019 04:46 PM
Hello,
Our internet connection is connected to an ASA. The download speed is ok but the upload is very slow.
we have been running some speed test from our LAN, and have been also trying to upload/download file.
Our ASA also have the IPS module.
I turned this off but we've got the same result.
I send here attach the configuration file of the ASA.
Does anybody have any suggestions to what the problem may be?
Regards
08-24-2012 10:40 AM
Hello,
What do you mean by turned off the module?
Also have you done any captures on the ASA.
You can create 2 captures (inside, outside) and then open them on wireshark and check how much time takes for the asa to receive the packet on one interface and send it on the other interface,
Configuration looks simple enough to be working good
Rate all the helpful posts
Regards,
Julio
08-27-2012 12:13 AM
Hello Julio,
Thanks for the reply.
by turned off the module, i mean the bypass mode is on, and we also tried to remove the policy applied.
we will try to capture the traffic and let you know.
Thanks
08-27-2012 01:06 AM
Hi,
it seems it doen't take too much time takes for the asa to receive the packet on one interface and send it on the other interface. the bypass mode on the IPS is enabled.
what would you suggest us to check next?
08-27-2012 12:25 PM
Hello,
You are right on the capture looks like there is no problem with the time but it is importan to remark that on the captures I can notice that the returning traffic ( Reply from the ftp server to your client) is taking really long. Please check that as you could see on the captures our host reply inmediatly but the Server do takes it's time.
Also can you remove the class-map from the ASA ( the one related from the IPS) and do a clear local-host and then give it a try
Finally provide us the output of the following
-Show interface | include error
-Show cpu
Remember to rate all the helpful posts
Regards,
Julio
08-28-2012 04:36 AM
Hi Julio,
We have removed the class-map for IPS and have done a clear local-host.
We have also changed the duplex (from Auto to full) and speed (from Auto to 100Mbps) on the outside interface.
it seemed the duplex we 've got was half when it was configured as Auto. We've asked our ISP to change in their side to full, but we've got half instead.
We did an upload test after those actions, the speed we got is 300KBps, it should be 8Mbps (download and upload).
when we send many upload at a same time, we can see from our monitoring tool that the bandwidth used is 8Mb.
We wonder we cannot get high speed when uploading a single file, the max speed is 300KBps.
Please, find below the output of
sh int | inc error
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 1 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 1 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 1 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 2710 collisions, 3 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
the 2710 collisions is on the outside interface (i think it was before changing duplex)
sh cpu
CPU utilization for 5 seconds = 2%; 1 minute: 1%; 5 minutes: 1%
when we plug a computer directly to the ISP device (IDU), the speed is high (about 650KBps).
what would you suggest us to do? (sure, we will rate all the helpful posts )
08-28-2012 12:03 PM
Hello,
That is correct, the collisions are because of the half-duplex setting.
Cpu is perfect.
" We've asked our ISP to change in their side to full, but we've got half instead"
That is what I do not like you will need to confirm they hardcode their site to full-duplex as if you leave it like this then one of the endpoints ( the one on full duplex) will be able to talk whenever he wants and the other side( half-duplex) will do it only when the other side stops and that will be almost never if the other one is full duplex.
So please change that, afterwards we will keep troubleshooting this,
Let me know what they say
Julio
08-29-2012 04:19 AM
Hi Julio,
The duplex and speed were changed, we hardcoded it to full/100Mbps.
The upload speed is higher (now : 300KBps - before : 50KBps) , it should be 8Mbps (download and upload).
When sending only one file, the max speed we can get is 300KBps.
We can see from our monitoring tool that the bandwidth used is 8Mb only when we send many upload at the same time.
We wonder we cannot get high speed when uploading a single file, the max speed is 300KBps.
There is no problem with download.
What would you suggest us next ?
08-29-2012 08:27 AM
Hello,
I would do the following test:
-Connect a single PC to an interface ( Inside or DMZ) of the ASA, so it will be directly connected and then run the test.
We need to make sure it is a problem with the ASA and not with the internal network.
Regards,
Julio
09-04-2012 02:21 AM
Hi Julio,
Thanks for your reply. Unfortunately, the connection is used all the time and we cannot unplug it.
What we did was, we pluggled a single pc to a dmz, but the LAN is also connected to the inside, and we got the same result.
we will do the test with only one pc when we can disconnect the LAN from the ASA.
in the meantime, is there any test you suggest to do?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide